Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
PROBLEM: When I use the commonname field or let it default to the first IIS binding in the site list, then it will only validate correctly on https on the website with the commonname or the first binding. It doesn't like the other websites specified in the SAN part of the certificate.
When I create the certificates individually for multiple websites, then it will only validate correctly on the last certificate I added to the certificate store.
I would appreciate any guidance you all can provide on setting this up correctly on IIS 7.
My domain is: multiple domains on same host VM and IIS instance; americansbybirth.com and americansrestoringamerica.com for example
I ran this command:
C:\Users\scotsman\Downloads\win-acme.v2.2.2.1449.x64.trimmed>.\wacs.exe --source iis --siteid 11,15,58,25,30,24,26,27,47,29,52,53 --commonname "132.148.138.44"
1>site_cert.log 2>&1
It produced this output:
Unable to scan for services
A simple Windows ACMEv2 client (WACS)
Software version 2.2.2.1449 (release, trimmed, standalone, 64-bit)
Connecting to https://acme-v02.api.letsencrypt.org/...
Connection OK!
Scheduled task looks healthy
Please report issues at GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)
Running in mode: Unattended
Common name 132.148.138.44 not found or excluded
Source plugin IIS was unable to generate options
I ran this command:
C:\Users\scotsman\Downloads\win-acme.v2.2.2.1449.x64.trimmed>.\wacs.exe --source iis --siteid 11,15,58,25,30,24,26,27,47,29,52,53 --commonname "americanbybirth.com"
1>site_cert.log 2>&1
It produced this output:
Unable to scan for services
A simple Windows ACMEv2 client (WACS)
Software version 2.2.2.1449 (release, trimmed, standalone, 64-bit)
Connecting to https://acme-v02.api.letsencrypt.org/...
Connection OK!
Scheduled task looks healthy
Please report issues at GitHub - win-acme/win-acme: A simple ACME client for Windows (for use with Let's Encrypt et al.)
Running in mode: Unattended
Source generated using plugin IIS: americanbybirth.com and 23 alternatives
Unable to scan for services
Overwriting previously created renewal
Unable to scan for services
Plugin IIS generated source americanbybirth.com with 24 identifiers
Plugin Single created 1 order
Renewing [IIS] SM America Birth (+11 others), (any host)
Downloading certificate [IIS] SM America Birth (+11 others), (any host)
Unable to scan for services
Store with CertificateStore...
Installing certificate in the certificate store
Adding certificate [IIS] SM America Birth (+11 others), (any host) @ 2023/3/21 22:18:52 to store My
Uninstalling certificate from the certificate store
Removing certificate [IIS] SM America Birth (+11 others), (any host) @ 2023/3/20 13:12:08 from store My
Scheduled task looks healthy
Next renewal due at 2023/5/15 22:18:57
Certificate [IIS] SM America Birth (+11 others), (any host) created
My web server is (include version): IIS Version 7
The operating system my web server runs on is (include version): A VM running Windows Server 2008 R2
My hosting provider, if applicable, is: godaddy
I can login to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): win-acme compiled version 2.2.2.1 (latest)