Multiple certs on multiple Windows IIS servers



I am very new to SSL certs in general and am trying to figure out if/how the following can be done with LetsEncrypt certs. The configuration is as follows:

SERVER A (dev server): NO CERT

SERVER B (production server): HAS SSL CERT

If it matters, I plan to use letsencrypt-win-simple. So. . .

  1. Given the fact that Server B already has a cert for, can I add a cert to Server A for

  2. If I end up adding a site called to server A, will I need to run letsencrypt-win-simple again to add a cert for this new site.
    2b. Is there an easy way to avoid doing so?

  3. If I ever need a cert for dev.myFakeSite on server A, is it correct to say I’ll need to run letsencrypt-win-simple again to generate a cert for that site (since it’s on a different domain than the other site on that server)?
    3b. Is there a way to avoid doing so? In other words, is there a way to run letsencrypt-win-simple once to catch all sites on the server - even in different domains?



Yes, “www” and “dev” are two completely separate FQDNs.

Yes, all changes (adds and removes) will need to generate a new cert.

Only “wild card” certs can overcome the addition of yet unknown names.
FYI: Wild Card certs are coming to LE in January 2018.

The question is rather confusing…
Server A has no certs - so, yes, you will have to obtain a cert to use a cert.
And the FQDN must be resolvable via global DNS.

In general, yes.
But this depends on the auth challenge methods used and even the IP to which the names resolve.
If they all resolve to the same IP, then you could generate all the certs (or one cert with all the names in it) from one system/server.


Very helpful (and quick)! Thanks so much!

And, sorry for the confusing question. In my head, I guess the questions were chronological, so a cert would’ve already been created in question 2.

I appreciate the help!



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.