Existing https bindings in any web site linked to the previous certificate are updated to use the new certificate.
Hosts names which are determined to not yet have been covered by any existing binding, will be processed further.
All existing https bindings in source site whose hostnames match with the new certificate are updated
to use the new certificate. This happens even if they are using certificates issued by other authorities.
(Note that if you want to prevent this from happening, you can use the ‑‑excludebindings switch).
If no existing https binding can be found, a new binding is created.
It will create bindings on the specified installation site and fall back to the source site if there is none.
It will use port 443 on IP * unless different values are specified with the ‑‑sslport and/or
‑‑sslipaddress switches.
New bindings will be created or updated for matching host headers with the most specific match. E.g. if you
generate a certificate for a.b.c.com, the order of preference for the binding creation/change will be:
a.b.c.com
*.b.c.com
*.c.com
*.com
* (Default/empty binding)
If the certificate contains a wildcard domain, the order of preference will be:
*.a.b.c.com
x.a.b.c.com
In both cases, the first preferred option will be created from scratch if none of the later options
are available.
In some cases the plugin will not be able to (safely) add a new binding on older versions of IIS, e.g. due to
lack of support for SNI and/or wildcard bindings. In that case the user will have to create them manually.
Note that renewals will be automatic after this initial manual setup.
Ftp binding update algorithm
Any existing FTP sites linked to the previous certificate are updated to use the new certificate.
If the Default FTP settings refer to the previous certificate, the defaults are updated to the new certificate.
The target FTP site will be updated to use the new certificate. If no target is specified, the source site is considered to be the target.
Installing to multiple sites
Due to the logic described above, it’s never required to configure the IIS
installation step more than once to ensure succesful renewal of all bindings, regardless
of how many different sites you have. However, if you have a complicated scenario,
you may need to manually tune the bindings to your wishes after the initial run.
Command line
--installation iis
Activates the plugin
‑‑installationsiteid
Specify site to install new bindings to. Defaults to the source if that is an IIS site.
‑‑sslport
Port number to use for newly created HTTPS bindings. Defaults to 443.
‑‑sslipaddress
IP address to use for newly created HTTPS bindings. Defaults to *.