Generate same certificate a second time

Hi,

Perhaps a strange question: Can I generate my LE certificate a second time for an Exchange server clone or does LE not allow this?

Background: I am currently installing an Exchange 2019 while the old 2013 is still productive. The new server has the same FQDN and serves the same mail domains so that I don't have to change anything in the environment (DNS, certificates, etc.).

Of course, the two servers are never connected to the network at the same time. While I am installing and configuring the new server, the productive server is disconnected.

If I now run the ACME client (WIN-ACME) with the same input on the new server - will LE then go bad?

Thanks for a hint,
Stefano

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: kgb.koeln

I ran this command: wacs.exe

It produced this output: -

My web server is (include version): IIS 10

The operating system my web server runs on is (include version): Windows Server 2022 Core

My hosting provider, if applicable, is: On premise

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): ?? (ACMEv2 ?)

You could run afoul of the rate limits (5/week), but yes, you can have two certificates for the same domain name.

You can also copy the certificate and key from one machine to the other.

@9peppe @jvanasco

Thanks for input!
I just ran the win-acme client and the certificate can be seen in the EAC on the new server. But I cannot add the SMTP service to it (the IIS service works without problem). When I tick SMTP and click OK nothing happens, no message, and SMTP remains unselected. Any idea why this is?

Maybe a clue: When I start MMC on the old server and try to export the letsencrypt certificate it says "Cannot export private key, it is not marked as exportable". When I do the same on the new server with the freshly installed certificate it says "Cannot export private key - key not found". I'm stuck for now, any idea guys?

Thanks
Stefano
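The two MMC messages above (key not exportable vs. key not found) can be told apart without guessing. As an added example that is not from this thread or from win-acme, the PowerShell snippet below lists the certificates in the machine store whose subject or SAN matches the hostname and reports, for each, whether a private key is present and whether it is exportable. It assumes the certificate was installed into Cert:\LocalMachine\My and that $HostName is the name on the certificate.

```powershell
# Added example (not from the thread): diagnose private-key state of a certificate
# in the LocalMachine\My store. Assumes the hostname appears in the subject or SAN.
param([string]$HostName = "kgb.koeln")

$certs = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*$HostName*" -or $_.DnsNameList.Unicode -contains $HostName }

foreach ($cert in $certs) {
    $result = [ordered]@{
        Thumbprint    = $cert.Thumbprint
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey   # true if the cert references a key container
        KeyStorage    = $null
        Exportable    = $null
    }
    if ($cert.HasPrivateKey) {
        try {
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
            if ($rsa -is [System.Security.Cryptography.RSACng]) {
                # CNG key: ExportPolicy decides whether MMC may export it ("not marked as exportable")
                $result.KeyStorage = "CNG ($($rsa.Key.Provider.Provider))"
                $result.Exportable = ($rsa.Key.ExportPolicy -band
                    [System.Security.Cryptography.CngExportPolicies]::AllowExport) -ne 0
            } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
                # Legacy CAPI key: the container info carries the exportable flag
                $result.KeyStorage = "CAPI ($($rsa.CspKeyContainerInfo.ProviderName))"
                $result.Exportable = $rsa.CspKeyContainerInfo.Exportable
            }
        } catch {
            # The cert points at a key container that cannot be opened: this is the
            # "key not found" case, so nothing can be exported from this machine.
            $result.KeyStorage = "key container missing or inaccessible: $($_.Exception.Message)"
            $result.Exportable = $false
        }
    }
    [pscustomobject]$result
}
```

Run it in an elevated PowerShell on each server; a row with HasPrivateKey true and Exportable true is the only case in which the copy-the-certificate-and-key approach suggested earlier in the thread will work as-is.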

I have no experience at all with Windows servers, but there's usually no reason for SMTP to share a domain name with a webserver (at most, you'd use it to run a webmail on ports 80/443 of your mail server, but you have two servers).

SMTP servers usually only need a certificate for their own hostname (the address you put in your MX records).
