SAN certificate

mihamarkic · October 27, 2015, 8:18pm

I’m running an IIS7.5 and I need a SAN certificate for my domains.
Here is what I did.
I’ve installed an Ubuntu 14.4 as a virtual guest, installed letsencrypt and done a 1) manual installation. I typed my domains and then letsencrypt requrested a .well-known/acme-challenge/[XXXXXX] for each domain (which is a pain, BTW, but I hear Windows support is coming).
At the end I got only the certificate for the first domain (stored in /etc/letsencrypt/live/[DOMAIN]. I sortof expected a SAN certificate.
Then I converted PEM to PFX using openssl.

So, how do I get a SAN certificate?

schoen · October 27, 2015, 9:11pm

Hi @mihamarkic, thanks for helping test Let’s Encrypt. I’m sorry it isn’t working properly for you yet.

Could you be a little more specific about what you did when you “typed your domains”? Would you be willing to post log information from /var/log/letsencrypt?

mihamarkic · October 27, 2015, 9:32pm

Hi there,

Sure, after starting manual installation I typed something like “domain1.com,www.domain1.com,domain2.com,www.domain2.com”

Stupid question: how do I upload the log? Upload button in toolbar requires an image.

schoen · October 28, 2015, 12:17am

Hi @mihamarkic, if the log isn’t incredibly long, you could type three backtick characters (the ` character) in a row, and then paste the log as text, and then three more backtick characters.

The pasted text will then be
monospaced inside your post,
something like this.

mihamarkic · October 28, 2015, 9:25am

No go. I get

Body is limited to 32000 characters; you entered 96774.
Sorry, new users can only put 2 links in a post.

Having a 90KB log.

My1 · October 28, 2015, 9:28am

so you can post a link. try to make a pastebin and set it to unlisted so only ppl in here (or rather those with a link) can view it.

or upload it in your havorite cloud and share a link.

mihamarkic · October 28, 2015, 9:29am

Here letsencrypt.log

mihamarkic · October 31, 2015, 10:51am

Bump? Any obvious mistake I made?

germeier · October 31, 2015, 11:15am

As far as I can tell, the log looks fine.

You get one certificate with multiple DNS entries which is stored under the name of the first entry, e.g.:

  openssl x509 -in /etc/letsencrypt/archive/test3.$DOMAIN/cert1.pem  -text -noout | grep DNS
                DNS:test3.$DOMAIN, DNS:test4.$DOMAIN

HTH!

mihamarkic · October 31, 2015, 11:07pm

Oh, indeed, I’ve been misleaded. It works, it works