Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: SAN certs for all bindings of multiple IIS sites
It produced this output: paraphrasing: limit of 100 hosts per cert exceeded
My web server is (include version): IIS v4
The operating system my web server runs on is (include version): MS Win Server 2016 Standard 10.0.
My hosting provider, if applicable, is: n/a
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
Since I have a single assigned IP-num, and since IP-num to cert must be one-to-one, and since a cert cannot have more than 100 hosts and since I have nearly 200 hosts on my server…
I must ask my hosting provider for more IP-nums.
Is that correct?
Is there another solution?
Since 2003, it hasn’t been technically necessary to have separate IP addresses in order to use distinct certificates for distinct domain names.
As a result, there are many servers and hosting environments that have literally tens of thousands of domain names hosted on a single IP address, because the client can indicate which name it wants before the server chooses which certificate and private key to use in response. The server can then pick an appropriate certificate for the client’s request.
Unfortunately SNI software support was rather slow in coming to some software.
I believe you’ll need to upgrade to IIS 8 (2012) for server-side SNI support, or else use an SNI-aware reverse proxy in front of your IIS instance to terminate the TLS connections. Or get more IP addresses.