I have these sites: app.example.com api.example.com staff.example.com www.example.com / example.com
I used LetsEncrypt to generate free SSLs for each of the sites. Things seem to be fine except it seems that only one SSL cert is being served for all of the sites! I even removed and manually readded the SSL bindings to each of the sites and still had the same problem. I ended up removing all of the SSL certs except my API one and removed all of the SSL bindings except for the API Web Site, and bizarrely, I can still load the other sites as HTTPS even though I removed the SSL bindings for those Web Sites (the remaining SSL cert is of course showing for all of the sites still)! Wth? I thought you need the 443/SSL Bindings in order to even browse that site via https! I can confirm that these are all individual Web Sites, not Virtual Apps inside of a single Web Site. What am I missing? How can I get IIS to serv up the right cert for the right Web Site? This is a Azure VM running Win Server 2012 R2.
This can be done with Server Name Indication
From the IIS management interface, you can select each web site, and
Edit Bindings....In the pop-up window, select the
httpssite and theEdit...button. Fill in theHost name:field with the specific website host name, check theRequire Server Name Indicationand select the specific ceritificate to use for that site in theSSL certificatedropdown.This will allow you to host multiple secure sites on the same server. It is an improvement introduced in IIS v.8
You need to get a certificate that has all those names as subject names or a wildcard certificate. So, single certificate will be used for all of them. After that, you can configure each website with that certificate and SNI.