Certificate issuance error

I can read answers in English:

My domain is:
bullet-identity.ispgaya.pt
bullet-api.ispgaya.pt

I ran this command:
certificate request

It produced this output:
Error creating new order :: too many certificates (5) already issued for this exact set of domains in the last 168 hours: bullet-identity.ispgaya.pt: see Rate Limits - Let's Encrypt

My web server is (include version):
windows server 2012

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can log in to a root shell on my machine (yes or no, or I don't know):
yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
yes

How long do I have to wait to request a new certificate?

Hi @rmfs,

You will have to wait a week, or add another name to the request.

2 Likes

Good afternoon,

I have managed to generate it, but now I have another problem.

I generated it for bullet-identity.ispgaya.pt without any problem. I am trying to generate one for bullet-api.ispgaya.pt and it returns the following error: "A primary Domain must be included"

Thanks for the help

1 Like

@webprofusion I'm not familiar with this error ("a primary domain must be included"); would you mind giving advice or a pointer to documentation about this?

@rmfs, @webprofusion is the developer of the application you used, and should know what to do here.

@webprofusion, is it possible to help me, please?

@rmfs, there is a forum for CertifyTheWeb:

I think someone there would know the solution, I just don't know whether they accept questions in Portuguese!

Hi,

The error means you have tried to create a certificate without adding one or more domains to be included on the certificate. In your screenshot your arrow is pointing to the "Title" for the managed certificate (which could just as easily be "Customer Site 1" and is not the domain name). This is automatically set from the IIS site name but is not necessarily your actual domain, it's just a label.

When you select an IIS website from the dropdown list it would normally populate the list of domain bindings you have already set up for that website in IIS. Here is an example:

Note that you can enter them manually (Add domains to certificate:) but that's usually not required if the website is already set up in IIS, unless you have intentionally not set a hostname in your bindings (why?).

Please do provide further details on the certify community forum if you would like to. I'd need to see your existing IIS bindings for that site. The green text in the list suggests you have already assigned one or more https bindings to that site in IIS.

The normal process is:

  • Set up your site with http bindings in IIS, set a hostname http binding in IIS for each hostname/domain you need on the same certificate.
  • In Certify The Web, click New Certificate > Select Site, your website domains set (in IIS) in the previous step will be read by the app and displayed under 'Domains and Subdomains to include'. Then you can click Request Certificate to order, validate, download and apply the certificate. Subsequent renewals will be automatic.

[Edit] Here is my sample http binding in IIS (I also have the https binding because Certify The Web has already set it up for me):

2 Likes

Hi webprofusion,
Thank you for your help.

I need the HTTPS binding and pfx certificate for the following names:
bullet-api.ispgaya.pt
bullet-identity.ispgaya.pt

both have the same domain (ispgaya.pt)

Thanks, so you first need to have an http binding for each site, so that the app knows which domains map to which website, the Site Name is not a real domain, it's just a label.

Select a single site in IIS manager (such as bullet-api.ispgaya.pt), then choose Bindings... from the menu. You need to have either an http or https binding with the Hostname set to your domain, like this:


Once a hostname matching your domain has been set, Certify The Web can pick up the domain and include it in your certificate - you may need to click the refresh button to see all the domains from your site bindings, like this:

The benefit of working this way is that the app can automatically match your new certificate to your website using the domain (hostname) from the IIS binding.

1 Like

Thanks again for your help.

Now I've managed to generate the certificate for both.

The problem is that bullet-identity.ispgaya.pt returns the site in https, but bullet-api.ispgaya.pt does not.

As you can see in the image, I have the certificate generated, applied and valid.

1 Like

Did you mean to bind to port 4433? The normal port for https is 443.

On Windows, you can bind multiple certificates to the same IP and port combinations as long as:

  • your https bindings are all set to use SNI (Server Name Indication)
  • all https bindings have a hostname/domain set
  • all https bindings have IP address set to All Unassigned

If you have an https binding that either doesn't have a hostname or has a specific IP, you will get certificate binding conflicts (and the wrong cert will be served for sites) because specific bindings take priority over less-specific bindings.

1 Like

Note that binding to https://bullet-api.ispgaya.pt:4433 would actually work, but you'd need to open that firewall port 🙂

1 Like
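
The three binding rules and the port note in the two replies above can be checked in one pass over a server's bindings. This is an added example, not code from the thread or from Certify The Web: `Test-HttpsBinding` is a hypothetical helper name, the sample bindings are constructed, and 192.0.2.10 is a documentation address.

```powershell
# Added example: audit IIS https bindings against the rules listed above.
# Input objects need the properties that Get-WebBinding returns:
#   protocol, bindingInformation ("IP:port:hostname"), sslFlags (bit 1 = SNI).
function Test-HttpsBinding {
    param([Parameter(ValueFromPipeline = $true)] $Binding)
    process {
        if ($Binding.protocol -ne 'https') { return }   # only https bindings carry a certificate

        # The hostname never contains ':', the IP part may (IPv6), so split from the right.
        $info     = [string]$Binding.bindingInformation
        $hostIdx  = $info.LastIndexOf(':')
        $portIdx  = $info.LastIndexOf(':', $hostIdx - 1)
        $hostName = $info.Substring($hostIdx + 1)
        $port     = [int]$info.Substring($portIdx + 1, $hostIdx - $portIdx - 1)
        $ip       = $info.Substring(0, $portIdx)

        $issues = @()
        if (-not ([int]$Binding.sslFlags -band 1)) { $issues += 'SNI not enabled' }
        if (-not $hostName)                        { $issues += 'no hostname set' }
        if ($ip -ne '*' -and $ip -ne '')           { $issues += "specific IP $ip (takes priority over less-specific bindings)" }
        if ($port -ne 443)                         { $issues += "non-standard port $port (must be open in the firewall)" }

        [pscustomobject]@{
            Binding = $info
            Issues  = $issues -join '; '   # empty string means the binding follows all the rules
        }
    }
}

# Constructed sample bindings (not read from the server discussed in the thread).
$sample = @(
    [pscustomobject]@{ protocol = 'http';  bindingInformation = '*:80:bullet-api.ispgaya.pt';       sslFlags = 0 }
    [pscustomobject]@{ protocol = 'https'; bindingInformation = '*:443:bullet-identity.ispgaya.pt'; sslFlags = 1 }
    [pscustomobject]@{ protocol = 'https'; bindingInformation = '*:4433:bullet-api.ispgaya.pt';     sslFlags = 1 }
    [pscustomobject]@{ protocol = 'https'; bindingInformation = '192.0.2.10:443:';                  sslFlags = 0 }
)
$sample | Test-HttpsBinding | Format-Table -AutoSize -Wrap

# On the server itself (WebAdministration module, elevated prompt):
#   Import-Module WebAdministration; Get-WebBinding | Test-HttpsBinding
```

A binding with an empty `Issues` column can share its IP and port with other SNI bindings; any row with `specific IP` or `no hostname set` is the kind that causes the wrong certificate to be served.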

Thanks a lot for the help.

I managed to solve it, checking the communication ports.

I didn't remember this situation.

Thank you very much for your help and your patience.

3 Likes