I’m using Server 2012 R2 with MS Exchange and am having a problem, but I’ll first describe the setup.
IIS starts off with a site called Default Web Site and, when you install Exchange, a number of subdirectories are created within that site for Exchange functionality like Autodiscover, Outlook Web Access, etc.
Since these are virtual subdirectories rather than separate websites, you need a SAN certificate for Exchange functionality: at a minimum autodiscover.yoursite.com, but also perhaps owa.yoursite.com, depending on how your server is set up.
I was able to create a SAN certificate simply by creating a port 80 http binding in the Default Web Site for whatever I wanted in the SAN name, e.g. bind autodiscover.yoursite.com to port 80 and, using Let’s Encrypt WinSimple, I can get a SAN certificate that includes autodiscover.yoursite.com bound to port 443.
This is all great except Exchange won’t work with multiple bindings to the same port in a website, meaning I have to go into my Default Web Site, create a bunch of subdirectory bindings, run Let’s Encrypt WinSimple, then go into my website and delete every port 80 and port 443 binding except for one of each because otherwise Exchange throws a million errors.
So my two questions: (1) Is there some other way to go about creating the SAN certificate with my Exchange setup other than what I’ve been doing (creating the port 80 bindings then later deleting them)? And (2) am I going to have to do this every 90 days when the certificate expires, or is making then deleting those bindings a one-time thing and my SAN certificate will renew just fine without them?