Have really struggled trying to figure this out. Need *.domainname.com as well as domainname.com to work for the same site in IIS 10.
My IIS site is a wildcard site and it catches everything but I get privacy errors if trying to browse without a hostname. Seems this should be allowed???
Hi, so if the list of domains you add to the certificate are:
*.domainname.com
'domainname.com`
This will cover requests to https://domainname.com and https://www.domainname.com etc (but not further nested subdomains like https://sub.domain.domainname.com)
When you get your cert applied to your site and access it as https you can still get other warnings if your content still refers to http (not https) resources or if you are attempting to browse to any other domain not included in the certificate
Additionally it’s possible to have gotten your bindings confused with other certificates (common if you use try to use fixed IP addresses on Windows - it’s only one cert per IP unless you use all-SNI bindings for that IP.)
Thanks. I will need to try this again during a maintenance window. I feel fairly confident our cert is setup correctly. We have *.domainname.com as well as domainname.com on the same cert with *. as the primary. I did try clicking the checkbox for SNI on the domainame.com binding, and it did nothing, but did not try having that checked for both bindings. Both 443 bindings are pointing to the same cert. I will follow up if you having SNI checked for both bindings fixed the problem
Ah, that gets me thinking - you shouldn’t have to touch any SNI checkboxes anywhere, it should generally be the default/automatic options if your http bindings have host (domain) names set.
There was a bug raised the other day regarding wildcards in IIS bindings - if you literally have a ‘’ hostname binding in IIS it will try to mark it SNI even though that’s not a valid setting for '’. If so, remove the ‘*’ from the hostname box in the IIS bindings - the site will still match all requests on the given port/IP selection to that IIS site.