I am looking for what the correct syntax would be using letsencrypt.exe for creating a SAN certificate for the following:
domain.com, www.domain.com, ftp.domain.com, mail.domain.com, webmail.domain.com
I am running Server2012 R2 with IIS.
I’ve had very good results with letsencrypt.exe creating certificates for a single domain.com with a windows task scheduled to renew the certificates.
Certificate for Manual Site SAN (I)
letsencrypt.exe --san
Thanks for your reply.
I’ve been able to use letsencrypt.exe --san and obtain a certificate for domain.com and www.domain.com.
However, I get errors when I use letsencrypt.exe --san and attempt to get a certificate issued for:
domain.com, www.domain.com, mail.domain.com, webmail.domain.com
Note: domain.com and www.domain.com are my website, and mail.domain.com and webmail.domain.com are for my mail server.
I am guessing domain.com and www.domain.com work because they are bound to the same IIS website,
while webmail.domain.com is a separate IIS website and mail.domain.com is for TLS/SSL for my mail server.
I am able to create a separate cert for webmail.domain.com because it is bound to an IIS website but cannot include mail.domain.com because it is not bound to a website but used only for the mail server.
Jim
Jim Mayfield
“Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote.”
–Benjamin Franklin
guyvaio
February 19, 2017, 9:25am
Hello,
As far as I understand your situation, I think you won’t receive any “mail.domain.com” certificate because it is not a regular IIS website. So LetsEncryptWinSimple is not able to create the necessary verification files in the LetsEncrypt subfolder of the wwwroot.
I encountered the same situation with our mail server and solved it like this:
make sure the mail server is not using the default SSL port, but e.g. 451
create an IIS site bound to mail.domain.com
ask for the certificate with LetsEncryptWinSimple. As it is a real IIS website you will get it.
If your mail server is web based, you could consider placing this rewrite rule in your web.config:
<rewrite>
  <rules>
    <rule name="LetsEncrypt" stopProcessing="true">
      <match url="^\.well-known.*$" />
      <action type="None" />
    </rule>
    <rule name="Vers https://mail.domain.com:451" patternSyntax="Wildcard" stopProcessing="true">
      <match url="*" />
      <action type="Redirect" url="https://mail.domain.com:451" />
    </rule>
  </rules>
</rewrite>
So it is really transparent for the users: when they use mail.domain.com they are automatically redirected to https://mail.domain.com:451
Hope this will help.
Regards,
Guy
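The rewrite rules in Guy's post only work because the "LetsEncrypt" pass-through rule sits above the catch-all redirect: IIS URL Rewrite evaluates rules top to bottom and a rule with stopProcessing="true" ends evaluation, so if the order were reversed the ACME validation request for /.well-known/acme-challenge/... would be bounced to https://mail.domain.com:451 and the HTTP challenge would fail. The script below is an added example, not code from this thread or from letsencrypt-win-simple; it models just those two rules with a minimal, assumed-simplified interpretation of URL Rewrite semantics (path matched without its leading slash, case-insensitive regex, wildcard "*" matches everything) and shows the effect of the rule order on a constructed challenge path. The probe() helper at the end performs the same check against a real site without following redirects; "mail.example.test" is a placeholder host and it is not executed here.

```python
"""Check the ordering of the two URL Rewrite rules from the post above (added example)."""
import fnmatch
import http.client
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumption: a simplified model of IIS URL Rewrite. Rules run top to bottom,
# a matching rule with stopProcessing ends evaluation, and <match url> is
# tested against the request path with the leading "/" removed.


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str
    action: str                       # "None" (pass through) or "Redirect"
    wildcard: bool = False            # patternSyntax="Wildcard" vs. ECMAScript regex
    redirect_url: Optional[str] = None
    stop_processing: bool = True

    def matches(self, path: str) -> bool:
        if self.wildcard:
            return fnmatch.fnmatchcase(path.lower(), self.pattern.lower())
        # URL Rewrite regex rules are case-insensitive unless ignoreCase="false"
        return re.search(self.pattern, path, re.IGNORECASE) is not None


def evaluate(rules: List[Rule], request_path: str) -> Tuple[str, str]:
    """Return ("pass", path) or ("redirect", url) for one request path."""
    url = request_path.lstrip("/")
    for rule in rules:
        if not rule.matches(url):
            continue
        if rule.action == "Redirect":
            return ("redirect", rule.redirect_url or "")
        if rule.action == "None" and rule.stop_processing:
            return ("pass", request_path)
    return ("pass", request_path)


# The two rules exactly as written in the post (port 451 comes from the post).
ACME_PASSTHROUGH = Rule("LetsEncrypt", r"^\.well-known.*$", "None")
REDIRECT_TO_451 = Rule("Vers https://mail.domain.com:451", "*", "Redirect",
                       wildcard=True, redirect_url="https://mail.domain.com:451")

RULES_AS_POSTED = [ACME_PASSTHROUGH, REDIRECT_TO_451]   # correct order
RULES_MISORDERED = [REDIRECT_TO_451, ACME_PASSTHROUGH]  # redirect first: breaks validation

# Constructed token; a real challenge path carries a token issued by the CA.
CHALLENGE_PATH = "/.well-known/acme-challenge/EXAMPLE-TOKEN"


def probe(host: str, path: str, port: int = 80) -> Tuple[int, Optional[str]]:
    """Live check: fetch a path over plain HTTP without following redirects.

    A pass-through should yield 200 (or 404 if no challenge file is staged);
    a 301/302 with a Location header means the redirect rule caught it.
    """
    conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("GET", path, headers={"Host": host})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


if __name__ == "__main__":
    for label, rules in (("as posted", RULES_AS_POSTED), ("misordered", RULES_MISORDERED)):
        for path in (CHALLENGE_PATH, "/", "/owa/"):
            print(f"{label:10} {path:45} -> {evaluate(rules, path)}")
    # Live check against a placeholder host (not run here):
    # print(probe("mail.example.test", CHALLENGE_PATH))
```

Run it once before asking the client for the certificate: the challenge path must come back as a pass-through while everything else redirects to port 451, and the same outcome should be visible in the probe() status codes against the real site.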
Thanks for your reply.
This solution will resolve my problem.
Thank you again. Appreciate it greatly.
Jim Mayfield
system
Closed
March 21, 2017, 7:50pm
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.