SAN certificate


#1

I’m running an IIS7.5 and I need a SAN certificate for my domains.
Here is what I did.
I’ve installed an Ubuntu 14.4 as a virtual guest, installed letsencrypt and done a 1) manual installation. I typed my domains and then letsencrypt requrested a .well-known/acme-challenge/[XXXXXX] for each domain (which is a pain, BTW, but I hear Windows support is coming).
At the end I got only the certificate for the first domain (stored in /etc/letsencrypt/live/[DOMAIN]. I sortof expected a SAN certificate.
Then I converted PEM to PFX using openssl.

So, how do I get a SAN certificate?


#2

Hi @mihamarkic, thanks for helping test Let’s Encrypt. I’m sorry it isn’t working properly for you yet.

Could you be a little more specific about what you did when you “typed your domains”? Would you be willing to post log information from /var/log/letsencrypt?


#3

Hi there,

Sure, after starting manual installation I typed something like “domain1.com,www.domain1.com,domain2.com,www.domain2.com

Stupid question: how do I upload the log? Upload button in toolbar requires an image.


#4

Hi @mihamarkic, if the log isn’t incredibly long, you could type three backtick characters (the ` character) in a row, and then paste the log as text, and then three more backtick characters.

The pasted text will then be
monospaced inside your post,
something like this.

#5

No go. I get

Body is limited to 32000 characters; you entered 96774.
Sorry, new users can only put 2 links in a post.

Having a 90KB log.


#6

so you can post a link. try to make a pastebin and set it to unlisted so only ppl in here (or rather those with a link) can view it.

or upload it in your havorite cloud and share a link.


#7

Here letsencrypt.log


#8

Bump? Any obvious mistake I made?


#9

As far as I can tell, the log looks fine.

You get one certificate with multiple DNS entries which is stored under the name of the first entry, e.g.:

  openssl x509 -in /etc/letsencrypt/archive/test3.$DOMAIN/cert1.pem  -text -noout | grep DNS
                DNS:test3.$DOMAIN, DNS:test4.$DOMAIN

HTH!


#10

Oh, indeed, I’ve been misleaded. It works, it works :smile: