I am very new to SSL certs in general and am trying to figure out if/how the following can be done with LetsEncrypt certs. The configuration is as follows:
If it matters, I plan to use letsencrypt-win-simple. So...
1. Given the fact that Server B already has a cert for www.mySite.com, can I add a cert to Server A for dev.mySite.com?
2. If I end up adding a site called dev2.mySite.com to server A, will I need to run letsencrypt-win-simple again to add a cert for this new site?
2b. Is there an easy way to avoid doing so?
3. If I ever need a cert for dev.myFakeSite on server A, is it correct to say I’ll need to run letsencrypt-win-simple again to generate a cert for that site (since it’s on a different domain than the other site on that server)?
3b. Is there a way to avoid doing so? In other words, is there a way to run letsencrypt-win-simple once to catch all sites on the server - even in different domains?
Yes, "www" and "dev" are two completely separate FQDNs.
Yes, all changes (adds and removes) will need to generate a new cert.
Only "wildcard" certs can overcome the addition of yet unknown names.
FYI: Wildcard certs are coming to LE in January 2018.
The question is rather confusing...
Server A has no certs - so, yes, you will have to obtain a cert to use a cert.
And the FQDN must be resolvable via global DNS.
In general, yes.
But this depends on the auth challenge methods used and even the IP to which the names resolve.
If they all resolve to the same IP, then you could generate all the certs (or one cert with all the names in it) from one system/server.
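
The name-coverage rules the answers above rely on, as an added example that is not part of the original thread: it checks which of Server A's sites a given certificate's name list covers, using the usual RFC 6125 matching where a wildcard stands for exactly one left-most label. The function names are hypothetical, and `dev.myFakeSite.com` (with `.com` appended) is an assumed spelling of the name in the question.

```python
# Added example (not from the thread): which hostnames does a certificate's
# list of DNS names (SANs) cover? Matching follows the common RFC 6125 rules:
# a wildcard is honoured only as the whole left-most label and stands for
# exactly one label.

def san_matches(hostname: str, san: str) -> bool:
    """Return True if one SAN dNSName entry covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False  # "*" never spans more than one label, nor zero labels
    if pattern[0] == "*":
        # The wildcard label must be non-empty; the remaining labels must be equal.
        return host[0] != "" and host[1:] == pattern[1:]
    return host == pattern


def covered(hostname: str, sans: list[str]) -> bool:
    """True if any name on the certificate covers hostname."""
    return any(san_matches(hostname, s) for s in sans)


def names_needing_new_cert(sites: list[str], sans: list[str]) -> list[str]:
    """Sites on the server that the current certificate does not cover."""
    return [s for s in sites if not covered(s, sans)]


# Constructed inputs using the names from the thread
# (".com" on dev.myFakeSite is an assumption).
SERVER_A_SITES = ["dev.mySite.com", "dev2.mySite.com", "dev.myFakeSite.com"]
SINGLE_NAME_CERT = ["dev.mySite.com"]   # one name: every added site needs a new cert
WILDCARD_CERT = ["*.mySite.com"]        # covers new names under mySite.com only
MULTI_NAME_CERT = ["dev.mySite.com", "dev2.mySite.com", "dev.myFakeSite.com"]

if __name__ == "__main__":
    for label, sans in [("single-name", SINGLE_NAME_CERT),
                        ("wildcard", WILDCARD_CERT),
                        ("multi-name", MULTI_NAME_CERT)]:
        print(label, "-> still uncovered:",
              names_needing_new_cert(SERVER_A_SITES, sans))
```

A wildcard for one domain does not reach a site in a different domain, so that case still needs either its own certificate or one certificate listing every name.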