Windows server 2008R2 - IIS - 1 SAN 1 domain

I’m able to generate the certificates, standard or SAN; they are correctly applied to the bindings, and everything works.
But when I create the SAN certificate (for 3 domains) and then I create the standard certificate for one site (all hosted by the same webserver, same IP), the standard certificate overrides the SAN certificate previously created. And it’s impossible to change them manually.
More precisely: the app letsencrypt.exe correctly generates the two certificates, one SAN and one standard, but the second one is applied to the SAN site, so that when calling the site I get a certificate error like: “The connection is not private. This certificate is not owned by this site (one of the SAN) but is owned by the other (the standard one)”. Even if I first create the standard and then the SAN, I get the same error.

How do I create more than one certificate and apply them correctly to the sites?

Without sufficient detail, one can only guess…

I would guess that the IIS bindings are incorrect.
Each site should have its own cert with a corresponding binding.
Note: If multiple names will use the same site, you will need to get creative, as entering any hostname would cause problems with the other hostnames trying to access that same site.
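To see which certificate each HTTPS binding actually serves, the following PowerShell (an added example, not code from the thread or from the Let's Encrypt client) lists the IIS bindings, the HTTP.SYS certificate-to-IP:port mapping, and the names each installed certificate covers. On IIS 7.5 the host header of an https binding is always empty, so two sites bound to the same IP:443 end up sharing one HTTP.SYS listener, and `netsh http show sslcert` shows the single certificate that wins. The module and cmdlets are the standard WebAdministration ones; no site names are assumed.

```powershell
# Added example: diagnose certificate/binding collisions on IIS 7.5.
Import-Module WebAdministration

# 1. IIS view: every https binding, the site it belongs to and the cert hash
#    IIS believes is attached. With no host header, bindings on the same
#    IP:port are indistinguishable to HTTP.SYS.
Get-WebBinding -Protocol https |
    Select-Object @{n='Site'; e={ $_.ItemXPath -replace ".*@name='([^']+)'.*", '$1' }},
                  bindingInformation,
                  certificateHash

# 2. HTTP.SYS view: exactly one certificate per IP:port. This, not the IIS
#    site list, decides which certificate the client receives.
netsh http show sslcert

# 3. Map hashes back to certificates in the machine store and show the
#    Subject Alternative Names, so a SAN cert and a single-name cert can be
#    told apart.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Thumbprint, Subject, NotAfter,
        @{n='SANs'; e={
            $ext = $_.Extensions | Where-Object { $_.Oid.FriendlyName -eq 'Subject Alternative Name' }
            if ($ext) { $ext.Format($false) } else { '(none)' }
        }}
```

If step 2 shows one entry for `0.0.0.0:443` (or the shared IP) while step 1 shows two sites on that port, the second certificate installed has simply replaced the first in HTTP.SYS, which matches the behaviour described in the question.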

Yes, but I’m using W2008R2, host name is disabled when selected type is https.

You are correct, SNI was introduced to IIS with version 8.0 https://docs.microsoft.com/en-us/iis/get-started/whats-new-in-iis-8/iis-80-server-name-indication-sni-ssl-scalability

You could try updating IIS version.
Not sure if that’s even possible without O/S upgrade, I can only find IIS 8.0 EXPRESS (not recommended)

OR (this is not a pretty solution)
You could introduce a reverse proxy on that same system; allowing you to run the individual sites on individualized IP:port combinations. (AKA FAKE SNI)


So you’re telling me there is no way on IIS 7.0? I think there should be a solution without a reverse proxy, otherwise no IIS version would ever have worked before 8.0.

Judge for yourself:

One IP:port requiring multiple separate domains = SNI.
SNI was introduced with IIS version 8.0.
Windows Server 2008R2 doesn’t support IIS 8.0.

And your conclusion is… ?

… upgrade to W2012R2.

Or throw in a reverse proxy…

Before SNI people really had to deal with a lot of complicated workarounds, including getting extra IP addresses, or getting very large SAN certs so that clients would find the name they were looking for somewhere in the certificate. The lack of the SNI mechanism was definitely a big factor obstructing deployment of HTTPS.
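The first of those pre-SNI workarounds, one IP address per HTTPS site, can be scripted on IIS 7.5 as follows. This is an added example, not code from the thread; it assumes two existing IIS sites named `siteA` and `siteB`, two addresses already configured on the server (192.0.2.10 and 192.0.2.11, RFC 5737 documentation addresses used as placeholders), and the thumbprints of the two certificates, which are placeholders to be filled in from the `Cert:\LocalMachine\My` store.

```powershell
# Added example: give each HTTPS site its own IP so HTTP.SYS can hold one
# certificate per IP:443 without SNI. Names, IPs and thumbprints are assumed.
Import-Module WebAdministration

$sites = @(
    @{ Name = 'siteA'; IP = '192.0.2.10'; Thumbprint = '<THUMBPRINT_OF_SITEA_CERT>' },
    @{ Name = 'siteB'; IP = '192.0.2.11'; Thumbprint = '<THUMBPRINT_OF_SITEB_SAN_CERT>' }
)

foreach ($s in $sites) {
    # Drop any existing https binding (typically the catch-all 0.0.0.0:443
    # that makes the two sites collide) and bind the site to its own address.
    Get-WebBinding -Name $s.Name -Protocol https | Remove-WebBinding
    New-WebBinding -Name $s.Name -Protocol https -Port 443 -IPAddress $s.IP

    # HTTP.SYS mapping: one certificate per IP:port, keyed as "IP!port"
    # under the IIS:\SslBindings provider path.
    $cert = Get-Item "Cert:\LocalMachine\My\$($s.Thumbprint)"
    $sslPath = "IIS:\SslBindings\$($s.IP)!443"
    if (Test-Path $sslPath) { Remove-Item $sslPath }
    New-Item $sslPath -Value $cert | Out-Null
}

# Verify: each IP:443 now carries a different certificate hash.
netsh http show sslcert
```

Because each listener is now a distinct IP:port, installing a certificate for one site no longer overwrites the other's, which is the failure the question describes; the cost is one routable address per HTTPS site, which is why SNI replaced this approach.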

You are hitting one of the issues/limitations of the Let's Encrypt Win Simple client. The ACMESharp PowerShell module should work for you in this case.
