Confusing on root domain with wildcard cert

Should a wildcard SSL certificate secure both the root domain as well as the sub-domains? - Server Fault

I have got a cert for *
and I found that (root domain) saying the identity can't be verified.
My command:
./certbot-auto --server -d "*" --preferred-challenges=dns --manual certonly

Thanks very much.

Hi @hldh214,

A wildcard certificate for * is not valid for You need to add that name as well by specifying two -d flags to Certbot like:

./certbot-auto --server -d "" -d "*" --preferred-challenges=dns --manual certonly

That will give you a certificate with two names: and * that will be valid for both the base domain and any first level subdomain.

Hope that helps!
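
Added example (not part of the original posts, and not Certbot or Let's Encrypt code): a Python check of the matching rule described in the reply above, where a wildcard name stands for exactly one leftmost label. The domain `example.com`, the host list and the function names are constructed placeholders.

```python
# Added example: leftmost-label wildcard matching for TLS certificate names.
# All hostnames below are constructed placeholders, not values from the thread.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Only the leftmost label is a wildcard; the rest must match exactly.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered(san_names, hostnames):
    """Return the hostnames that no name in the certificate covers."""
    return [h for h in hostnames
            if not any(name_matches(n, h) for n in san_names)]


# Constructed sample data: hostnames a site is expected to serve.
SITE_HOSTS = ["example.com", "www.example.com", "api.example.com",
              "a.b.example.com"]

WILDCARD_ONLY = ["*.example.com"]                      # one -d flag
BASE_AND_WILDCARD = ["example.com", "*.example.com"]   # two -d flags

if __name__ == "__main__":
    print("wildcard only misses:", uncovered(WILDCARD_ONLY, SITE_HOSTS))
    print("base + wildcard misses:", uncovered(BASE_AND_WILDCARD, SITE_HOSTS))
```

With the wildcard alone the base domain is left uncovered; with both names only the second-level subdomain remains uncovered, which needs its own name or its own wildcard.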


But that requires verifying the DNS TXT record twice. It will be better if ‘’ and ‘*’ validations are combined.


Implementing validation that way is more difficult with our current codebase. Adding two TXT values to the DNS is certainly permitted and separating the authorizations for the base domain and the wildcard also allows for more flexibility in using a non-DNS-01 challenge for the base domain.

Thanks for the feedback but this is unlikely to change in the near term. I recommend you adjust your side accordingly and set both TXT values.


Adding two records is acceptable. Thanks.

