IIS Website with ~300 Domain Names

Hi, we have a specific IIS website where we have bindings for a couple hundred different domain names for different clients that connect to it (I know, I know, not my design).

We are evaluating Certify to automate certificate management for this website and these domains.

However, looking at Let's Encrypt, they limit the number of domain names on a cert to ~100.

Is there a way to have Certify register separate certificates for each domain but on the same website either natively with Certify or via Certify+scripting?

If not, any suggestions for other Let's Encrypt tooling to automate this? I’m happy to string together some PowerShell scripts if necessary, but ultimately this will be managed by another person, so I want it as easy as possible for them to be able to add more domain names in the future and get certificates set up and managed automatically.

Thanks folks!

Hi, that’s a little tricky but there are a couple of options:

  • Use the CSV import option to create a managed certificate per domain from a list you provide. This will result in 300 https bindings on that site and 300 certificates to be renewed. This is probably the easiest option but creates the most certificates. Some people also then script the addition of new domains as smaller CSV files. https://docs.certifytheweb.com/docs/csv-import.html
  • Manually create 3 managed certificates and check the domains to include. This is a lot of clicks and difficult to manage from a UI perspective; it’s also tricky when you decide to add more domains.

Technically there is also an API that the UI uses to talk to the background service, but this changes between versions and is not intended as a public API for general use.

OK awesome, sounds like this can be done with Certify then. The CSV import seems like a good option.

I reviewed the article on it but am not sure how I get it to issue a different cert for each domain. What would the csv formatting be for that?

0,Default Site,www.domain1.com,domain1.com
0,Default Site,www.domain2.com,domain2.com

Would this issue a separate cert for each domain but on the same website?