[GH-ISSUE #4] Multiple domains (SAN) with one certificate #6

Open
opened 2026-02-26 21:31:03 +03:00 by kerem · 3 comments
Owner

Originally created by @jjh71 on GitHub (Jan 9, 2018).
Original GitHub issue: https://github.com/ridercz/AutoACME/issues/4

At the moment I don't see a commandline option for supporting this, but it would be great!


@ridercz commented on GitHub (Jan 9, 2018):

SAN certificates are not supported on purpose. They do not make sense in AutoACME.

AutoACME is relying heavily on Centralized Certificate Store feature in IIS. This technology basically requires that each and every host name used has its own .pfx file. Supporting multiple host names per certificate would bring exactly nothing: CCS would still require separate file for each host name. It would just make things more complicated, because AutoACME would need to manage multiple files per host. It's far easier to just issue each host its own certificate.


@ridercz commented on GitHub (Feb 20, 2018):

In view of the [recently enacted restriction](https://letsencrypt.org/docs/rate-limits/) of 20 certificates per domain I changed my position. It still does not make sense from IIS+CCS perspective, but it DOES make sense by allowing to get certificates for 2000 hosts instead of 20 hosts.

So I'll think about how I can implement this into AutoACME. Don't get your hopes too high, though. I maintain this project in my spare time, mainly to solve my personal requirements and this isn't one of them, so it does not have high priority. Of course, you are more than welcome to join the development efforts.


@avonwyss commented on GitHub (Nov 28, 2018):

The changes in #33 introduce basic SAN support as follows:

  • In the config file, the CommonName of hosts may now contain a list (space, comma or semicolon-separated) of hostnames. The first name will be the CN of the certificate, the others will be alternative names.
  • When exporting to PFX (and optionally PEM/CER) the same certificate file will be stored multiple times for each domain name. This enables the IIS centralized store to work correctly.
  • Manually creating SAN certificates works like this: `autoacme addhost "example.com www.example.com"`
  • While IISSync should not break with SAN certificates in place, it will currently not create SAN certificates on its own since it is not clear which hosts should be grouped together into one certificate (one per site maybe?).
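The behaviour described in the comment above, as an added Python sketch that is not AutoACME's own code: it splits a host list on the three separators, takes the first name as the CN, and stores one copy of the PFX per host name. The function names, the `<hostname>.pfx` file naming and the strict host name check (which keeps configured names from turning into unexpected paths in the store) are assumptions of this example.

```python
import re
import tempfile
from pathlib import Path

# Separators named in the comment above: space, comma or semicolon.
SEPARATORS = re.compile(r"[ ,;]+")
# Assumption of this example: accept only plain DNS names (letters, digits, hyphens),
# which also keeps path separators and ".." out of the generated file names.
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def split_host_list(common_name):
    """Return (cn, sans): the first name is the CN, the rest are alternative names."""
    names = []
    for raw in SEPARATORS.split(common_name.strip()):
        if not raw:
            continue
        name = raw.lower().rstrip(".")
        if not HOSTNAME.match(name):
            raise ValueError(f"not a valid host name: {raw!r}")
        if name not in names:  # drop repeats, keep order
            names.append(name)
    if not names:
        raise ValueError("empty host list")
    return names[0], names[1:]


def export_for_ccs(common_name, pfx_bytes, store):
    """Write the same PFX once per host name, as <hostname>.pfx, into the store."""
    cn, sans = split_host_list(common_name)
    written = []
    for host in [cn, *sans]:
        target = Path(store) / f"{host}.pfx"
        target.write_bytes(pfx_bytes)
        written.append(target)
    return written


def demo():
    # Constructed input: placeholder bytes stand in for a real PKCS#12 export.
    with tempfile.TemporaryDirectory() as tmp:
        files = export_for_ccs("example.com, www.example.com;api.example.com",
                               b"constructed-pfx-placeholder", tmp)
        return sorted(p.name for p in files)


if __name__ == "__main__":
    print(demo())
```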