starred/win-acme-win-acme
1
0
Fork 0
mirror of https://github.com/win-acme/win-acme.git synced 2026-04-27 03:55:56 +03:00
Code Issues Projects Packages Wiki Activity
Page: IIS 7.5 and Lower
Pages
A specified logon session does not exist Advanced logging Advanced usage Apache 2.4 basic usage Application Logging Application Settings Azure DNS validation Basic usage CSR Plugins Command Line Arguments Command line Create a SAN certificate Custom plugins DNS validation plugins Development Enhancement voting Example Scripts HTTP Validation Plugins HTTPS Binding With Specific IP Home How To Run How to Compile From Source Code IIS 7.5 and Lower Install script Installation plugins Issues and workarounds Load balancing Microsoft Exchange Microsoft Remote Desktop Server Migration to v1.9.5 Migration to v1.9.9 Migration to v2.0.0 Missing Certificate Chain Plugins Renewal Management Store plugins Target plugins Task Scheduler Uninstall instructions Upgrades Validation issues Validation plugins web_config.xml
14 IIS 7.5 and Lower
Wouter Tinus edited this page 2019-03-25 09:10:09 +01:00
Table of Contents

Overview

SNI (Server Name Indication) support was added in IIS 8. It allows you to have multiple HTTPS certificates on the same IP address. Without it, you can only use a single certificate per IP address.

Options

If you want to have SSL for multiple sites with multiple domains with IIS 7.5 or lower all binded to the same IP address your choices are:

  1. Create a single certificate for all sites, which only works if there are less than 100 in total (that's the maximum Let's Encrypt will currently support)
  2. If they are sub domains of the same root, a wildcard certificate can be an options.
  3. Upgrade to IIS 8+

Configuring the IP Address Binding

When win-acme creates the binding for a new certificate, it will bind the wildcard (*) IP address by default. In other words, all IP addresses will be bound to the new certificate for HTTPS. This can be customized with the --sslipaddress switch from the command line.

If you have multiple IP addresses and want to bind different certificates to each, you must manually change the IP address for the SSL binding after installing a new certificate with win-acme. Thereafter, when renewing the certificate, win-acme will preserve the IP address of the binding.

.NET Requirements

.NET Framework 4.7.2 is a minimum system requirement, which means the program can run on Windows Server 2008 R2 SP1 or above. Some users have reported success running .NET Framework 4.7.2 and WACS on Windows Server 2008, though that is not supported by Microsoft.

Please refer to https://pkisharp.github.io/win-acme/ for up-to-date documentation.