Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
The operating system my web server runs on is (include version):
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): IIS
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Customer wants to make an application available via external web that is running on the midsouthdonor.org webserver and it needs a cert. They already have a wildcard cert for midsouthtransplant.org
From what I've read on here, one cert (reissued to include both domains) will work.
My question is, what will happen with the autorenew?
If both domains are hosted on separate IP addresses and different servers (which I believe is the case currently), then it's probably way easier to just get two separate certificates. I.e., just get a new one for the other domain.
Technically, it's certainly possible. But why? Because if you want to do it properly, you'd need to issue a single certificate for both hostnames on server A and then securely transfer that certificate with the corresponding certificate to server B and somehow make it work with the webserver on that server. And preferably everything is automated. Which is probably going to be a hassle. (And I have no clue where to begin on Windows.)
Alternatively, you could get a certificate for both hostnames on server A, thus having a certificate with a useless second hostname and get a separate certificate for both hostnames on server B, also with a useless second hostname. But both certificates would have both hostnames included. But that doesn't make much sense. It's not like both hostnames would be prominently displayed to the user or something like that.
I'm not clear on what the question is. Do you want to share a single cert between two servers?
Each server can take care of its own renewals, or you can share a single cert between multiple servers using the Windows CCS (Centralized Certificate Store) feature where you copy the cert to a UNC share and set your IIS binding to use CCS. Then when the cert renews IIS automatically picks up the latest files. If you use a tool like https://certifytheweb.com (which I develop) you can use a Deploy to CCS deployment task (under Tasks) to facilitate that. Other tools are available which can also be used to do this.
As you are getting a wildcard you will be using DNS domain validation. So any server can renew the cert for themselves and it's not reliant on HTTP domain validation.
Note that IIS servers can host many sites under different domain names (either all different sites or the same site with different names). That may be obvious, but it's not clear what level of experience you are coming from.
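
The CCS deployment described in the reply above depends on file naming, shown here as an added example that is not part of the thread or of any tool it mentions: CCS picks the .pfx by the binding's host name, with `_` standing in for the `*` of a wildcard, so a certificate covering both domains has to be present in the share under one file name per name. The SAN list, the `app.` host name and the function names are assumptions made for illustration.

```python
# Added example: which .pfx file names an IIS Centralized Certificate Store
# share needs for a given certificate, and which file a binding would resolve to.

def ccs_filename(san):
    """File name CCS expects for one SAN entry ('*' is written as '_')."""
    name = san.strip().lower().rstrip(".")
    if name.startswith("*."):
        return "_." + name[2:] + ".pfx"
    if "*" in name:
        raise ValueError("wildcard only allowed as the left-most label: " + san)
    return name + ".pfx"

def required_files(sans):
    """One copy of the same PFX per SAN entry, under these names."""
    return sorted({ccs_filename(s) for s in sans})

def resolve(hostname, share_files):
    """Exact <host>.pfx first, then _.<parent domain>.pfx; None if neither exists."""
    host = hostname.strip().lower().rstrip(".")
    files = {f.lower() for f in share_files}
    if host + ".pfx" in files:
        return host + ".pfx"
    _, _, parent = host.partition(".")
    if parent and "_." + parent + ".pfx" in files:
        return "_." + parent + ".pfx"
    return None

def unserved_bindings(bindings, share_files):
    """Binding host names for which the share holds no usable file."""
    return [b for b in bindings if resolve(b, share_files) is None]

# Assumed SAN list of a certificate reissued to include both domains.
REISSUED_SANS = ["*.midsouthtransplant.org", "midsouthdonor.org"]
# Constructed share listing: only the wildcard copy was deployed.
SHARE_BEFORE = ["_.midsouthtransplant.org.pfx"]
# Constructed binding host names on the IIS servers.
BINDINGS = ["app.midsouthtransplant.org", "midsouthdonor.org"]

if __name__ == "__main__":
    print("files needed:", required_files(REISSUED_SANS))
    print("unserved before:", unserved_bindings(BINDINGS, SHARE_BEFORE))
    print("unserved after:", unserved_bindings(BINDINGS, required_files(REISSUED_SANS)))
```
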