Multiple sites on one IIS Server using ACME

I have a Win Server 2008 R2 server running IIS. I am using ACME with Let’s Encrypt to try and install multiple certificates on my server. I had the operations team add CAA records to the DNS to allow for as the main uses Thawte.

The first certificate installed fine, so I installed a few others before I noticed that things weren’t working correctly. To complicate things, I have an existing Thawte certificate for one of the sites which is with a SAN for The Thawte certificate stopped working and I noticed that always, only the most recent site worked with the Let’s Encrypt certificate. When I investigated further, I noticed that if the last certificate I installed was for, then all the previous certificates that I installed were changed to the, instead of

At this point, I have removed all the Let’s Encrypt certificates and got the cert working again (unfortunately, the SAN for is not working).

Is there a way to get this working for each site without overwriting the certificates for other sites?

It's not a certificate problem. The problem is that you need Server Name Indication (SNI), but Win 2008 doesn't support SNI.

So if you have only one IP address, you can only use one certificate.

  • Add other IP addresses.
  • Update to Windows 2012 with SNI support.
  • Use only one certificate with all domain names. That may work if your application can manage this.

…or you can also insert a Windows proxy that can handle the SNI:
  • Apache for Windows
  • NGINX for Windows

NOTE: IIS8(+) supports SNI.
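As an added illustration of the proxy option (this is not configuration from the original thread): nginx on the same Windows host owns port 443, picks a certificate by the SNI name the client sends, and forwards plain HTTP to IIS. It assumes IIS has been rebound to 127.0.0.1:8080, and the hostnames and certificate paths are placeholders.

```nginx
# Added example, not from the original thread.
# Assumptions: IIS listens on 127.0.0.1:8080 (plain HTTP) so nginx can take
# port 443 on the public IP; hostnames and certificate paths are placeholders.

events {}

http {
    # Default server: refuse handshakes that carry no or an unknown SNI name,
    # rather than handing out one site's certificate for another site's name.
    server {
        listen 443 ssl default_server;
        server_name _;
        ssl_reject_handshake on;   # needs nginx 1.19.4 or later
    }

    # One server block per certificate; nginx selects the block from the SNI name.
    server {
        listen 443 ssl;
        server_name site1.example.com;
        ssl_certificate     C:/certs/site1.example.com/fullchain.pem;
        ssl_certificate_key C:/certs/site1.example.com/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host $host;   # IIS still routes by host header
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

    # The existing SAN certificate can serve several names from a single block.
    server {
        listen 443 ssl;
        server_name site2.example.net www.site2.example.net;
        ssl_certificate     C:/certs/site2.example.net/fullchain.pem;
        ssl_certificate_key C:/certs/site2.example.net/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;

        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }
}
```

Because each IIS site binding now only sees HTTP on the loopback address, the per-site certificates no longer overwrite each other; the TLS certificate choice lives entirely in nginx.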

