Wildcard certificate
Limitations
- Only a single level of subdomain matching is supported in accordance with Template:IETF RFC.[1]
- wikipedia:Wildcard certificates do not valid for
*.example.com
orwww.example.com
andexample.com
. If you need a cert to work for example.com andwww.example.com
, you need to request a certificate withsubjectAltNames
so that you have "example.com" and "*.example.com".
- DNS-01 challenge must be used to issue/renew wilcard cerfificates, HTTP-01 challenge is not allowed[2] only available via ACMEv2
Activities
- Use Let's Encrypt
certbot
to request a wildcard certificate (since 2018[3]) - Renews your wilcard certificate:
certbot renew
Related terms
- RFC 2818
See also
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL
, WebSockets, WebRTC,ssl_certificate
QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure
, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1 - CA, Root Certificates, FreeIPA, PKI, OpenCA, Wildcard certificate,
certtool
,certbot
(Let's Encrypt),certinfo
(Cloudflare), ACME, Boulder,cfssl
(Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN),openssl ca
, Self signed certificate, CSR,keytool
, ACM, KMS,aws acm
, IdenTrust, multirootca, cert-manager, ca_cert_identifier - DNS: Linux DNS, IP,
systemd-resolve
,/etc/hosts
,whois
, Domain registrar,dig
,host
,nslookup
,scutil --dns
dnsmasq
,bind
,delv
,.local
,.internal, .onion
, FQDN, TTL,/etc/resolv.conf
,/etc/systemd/resolved.conf
,dscacheutil
(macOS),hostname, hostnamectl
,bind
,resolvectl status
, DNS sinkhole, Domain name server, LLMNR, Resource records:MX, TXT, NS
, CAA, SSHFP, Apex, CNAME, Wildcard DNS records, Subdomain, /etc/nsswitch.conf,1.1.1.1
,8.8.8.8, CoreDNS, dnsPolicy:
, Google Public DNS, DNS caches, Kubernetes ExternalDNS, DNS forwarding, IDNA2008, DNS-1035, Domain name registrars, Split-view DNS, Pi-hole, NextDNS
Advertising: