Letsencrypt.exe and SAN Certs? How Do I?


#1

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: multiple domains

I ran this command: letsencrypt

It produced this output: Not sure

My web server is (include version): IIS7.5

The operating system my web server runs on is (include version): Windows 7 Pro

My hosting provider, if applicable, is: me

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I want to install a SAN certificate, as IIS7.5 doesn’t support multiple certs. Every 90 days, my certs get scrambled because the Letsencrypt task runs, thinking it needs all eight domain certs.

So I want to get one SAN cert to cover all eight domains. Right now, only one domain can have a cert.

Can someone walk me through the process? I assume it’s a command-line suffix with Letsencrypt.exe?

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): unknown.


#2

Hi @Basspig

I don’t use this tool. But what’s the normal command you use?

To create a SAN certificate, add the other domain names.

IIS 7.5 doesn’t support SNI (Server Name Indication), so you must use one https binding with one certificate and 8 domain names.


#3

The main problem is IIS7.5 can’t do SNI.
[but you probably already know that]

The LE.exe command should allow for multiple names in the same request (SAN).
Try using:
--domains "site1.com,www.site1.com,site2.com,www.site2.com,..."

If that fails, try getting help from it:
letsencrypt.exe -help

[if all else fails, try also updating the LE.exe to latest version]
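
The replies above come down to one HTTPS binding presenting one certificate for every site, so any host name missing from that certificate's SAN list will fail name validation after a renewal. The PowerShell below is an added example, not part of the thread and not letsencrypt.exe's own code; it lists the host names a certificate does not cover, and the host names, the thumbprint placeholder and the function names are constructed for illustration.

```powershell
# Added example. Host names and the thumbprint are constructed placeholders.

# Returns the dNSName entries of a certificate's subjectAltName extension.
function Get-SanDnsNames {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if (-not $ext) { return }
    # Assumption: English-language Windows, where entries print as "DNS Name=<host>".
    [regex]::Matches($ext.Format($true), 'DNS Name=([^\s,]+)') |
        ForEach-Object { $_.Groups[1].Value }
}

# Returns every host name that no SAN entry covers.
function Get-UncoveredHostNames {
    param([string[]]$SanNames, [string[]]$HostNames)
    foreach ($h in $HostNames) {
        $name = $h.Trim().TrimEnd('.').ToLowerInvariant()
        $covered = $false
        foreach ($s in $SanNames) {
            $san = $s.Trim().TrimEnd('.').ToLowerInvariant()
            if ($san -eq $name) { $covered = $true; break }
            # A wildcard stands for exactly one left-most label.
            if ($san.StartsWith('*.')) {
                $dot = $name.IndexOf('.')
                if ($dot -gt 0 -and $name.Substring($dot) -eq $san.Substring(1)) {
                    $covered = $true; break
                }
            }
        }
        if (-not $covered) { $name }
    }
}

# Constructed sample: names the single HTTPS binding must answer for.
$expected = 'site1.example', 'www.site1.example', 'site2.example', 'www.site2.example'
# Constructed sample SAN list, as if the renewal had dropped www.site2.example.
$sampleSan = 'site1.example', '*.site1.example', 'site2.example'
$missing = @(Get-UncoveredHostNames -SanNames $sampleSan -HostNames $expected)
"Uncovered: $($missing -join ', ')"

# Against the real certificate (replace the placeholder thumbprint):
# $cert = Get-Item 'Cert:\LocalMachine\My\<THUMBPRINT-PLACEHOLDER>'
# $missing = @(Get-UncoveredHostNames -SanNames @(Get-SanDnsNames $cert) -HostNames $expected)
```

Running it after each scheduled renewal and alerting when the result is non-empty catches a renewal that reissued the certificate for fewer names than the binding serves.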