配置https服务器系列之三：windows服务器配置letsencrypt证书，多子域名配置

之前写了一篇“配置https服务器系列之二：windows服务器配置letsencrypt证书”，后来发现配置多个子域名会有问题。说说之前的解决方案：简单粗暴的分多次操作分别生成多个证书。这其实也没问题，问题在于：每当操作一次，他的定时自动更新任务就会删除以前所有的任务，只保留最后那个任务。比如你先生成了yourdomain.com，然后生成www.yourdomain.com，最后只有www.yourdomain.com会得到自动更新，而前面的yourdomain.com不会得到自动更新，这就有问题。

然后我一直在论坛寻找解决方法，什么keepexites都试了，没什么用，最后经过多方搜索，还是让我找到了真正的解决方案，感谢这篇文章的作者：

http://www.cnblogs.com/silin6/p/5931640.html。

下面贴下cmd：

C:\letsencrypt-win-simple>letsencrypt.exe --san
Let's Encrypt (Simple Windows ACME Client)
Renewal Period: 60
Certificate Store: WebHosting


ACME Server: https://acme-v01.api.letsencrypt.org/
Config Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simple\htt
psacme-v01.api.letsencrypt.org
Certificate Folder: C:\Users\Administrator\AppData\Roaming\letsencrypt-win-simpl
e\httpsacme-v01.api.letsencrypt.org


Getting AcmeServerDirectory
Enter an email address (not public, used for renewal fail notices): xxx@xx.c
om
Calling Register
Do you agree to https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf
? (Y/N)Y
Updating Registration
Saving Registration
Saving Signer


Scanning IIS Sites
 IIS Version not found in windows registry. Skipping scan.
No targets found.


 W: Generate a certificate via WebDav and install it manually.
 S: Generate a single San certificate for multiple sites.
 F: Generate a certificate via FTP/ FTPS and install it manually.
 M: Generate a certificate manually.
 A: Get certificates for all hosts
 Q: Quit
Which host do you want to get a certificate for: M
Enter a host name: yourdomain.com
Enter all Alternative Names seperated by a comma yourdomain.com,www.yourdomain.c
om
Enter a site path (the web root of the host for http authentication): C:\server\
nginx\xx


Authorizing Identifier yourdomain.com Using Challenge Type http-01
 Writing challenge answer to C:\server\nginx\ca\.well-known/acme-challenge/a9OHr
dhgVyi7Js40H8dwYHGgWtHgAPgq5JcYPppBi6E
 Answer should now be browsable at http://yourdomain.com/.well-known/acme-challe
nge/a9OHrdhgVyi7Js40H8dwYHGgWtHgAPgq5JcYPppBi6E
 Submitting answer
 Refreshing authorization
 Authorization Result: valid


Authorizing Identifier www.yourdomain.com Using Challenge Type http-01
 Writing challenge answer to C:\server\nginx\ca\.well-known/acme-challenge/YCgZe
Vn6be7dKyKqB2YmKWSEZx_6U34HNGqCMpbOlxQ
 Answer should now be browsable at http://www.yourdomain.com/.well-known/acme-ch
allenge/YCgZeVn6be7dKyKqB2YmKWSEZx_6U34HNGqCMpbOlxQ
 Submitting answer
 Refreshing authorization
 Refreshing authorization
 Authorization Result: valid


Requesting Certificate
 Request Status: Created
 Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-si
mple\httpsacme-v01.api.letsencrypt.org\yourdomain.com-crt.der
 Saving Issuer Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt
-win-simple\httpsacme-v01.api.letsencrypt.org\ca-0A0141420000015385736A0B85ECA70
8-crt.pem
 Saving Certificate to C:\Users\Administrator\AppData\Roaming\letsencrypt-win-si
mple\httpsacme-v01.api.letsencrypt.org\yourdomain.com-all.pfx
 Opened Certificate Store "My"
 Adding Certificate to Store
 Closing Certificate Store
 WARNING: Unable to configure server software.
 Opened Certificate Store "My"
 Removing Certificate from Store yourdomain.com 2016/11/29 9:8:56 下午
 Closing Certificate Store


Do you want to replace the existing letsencrypt-win-simple httpsacme-v01.api.let
sencrypt.org task? (Y/N)Y
 Deleting existing Task letsencrypt-win-simple httpsacme-v01.api.letsencrypt.org
 from Windows Task Scheduler.
 Creating Task letsencrypt-win-simple httpsacme-v01.api.letsencrypt.org with Win
dows Task Scheduler at 9am every day.


Do you want to specify the user the task will run as? (Y/N)N
 Removing existing scheduled renewal Manual yourdomain.com (C:\server\nginx\xx)
Renew After 2017/1/28
 Renewal Scheduled Manual yourdomain.com (C:\server\nginx\xx) Renew After 2017/1
/28
Press enter to continue.




到这里就设置好了，他只生成一套名为yourdomain.com的证书文件，这个证书文件可以用于你之前设定的各个子域名。更新的时候也只更新这一个即可。会自动更新。