Does a wild card SSL cover unlimited subdomains?

Hi All…quick question

Will the Let's Encrypt Wildcard SSL cover unlimited subdomains?

TIA
Neil

Yes.

But one label only.

A certificate for *.example.com will not cover subsub.sub.example.com.

Hey Peppe

Gotcha…so they are not limited to 100?

Just to be clear if there were over 1000 they would all be covered?

Many thanks
Neil

The 100 limit is on subject alternative names in the cert, and a wildcard usually has two.

Hmm that’s totally lost me as I don’t know what ‘subject alternative names’ are lol

It’s the technical term for the list of things (wildcards, regular names, or IP addresses [not supported by Let’s Encrypt]) covered by the certificate.

The web PKI has some weird terms.

In this instance the wildcard would be used to cover accounts (subdomains) created on a WP Multisite install: *.example.com with no subsub.sub.example.com. Would that be restricted to 100?

It wouldn’t be restricted to 100.

Thanks for that…and I’m guessing if I had say 15 similar sites all on their own IPs then each of those could have unlimited coverage via the Wildcard SSL too?

Yes.

There’s no reason to use more than one IP with modern software, though.

Cool

I think my DigitalOcean droplet was set up with separate IPs for each main site but good to know.

Thanks for the input so far guys.

The 100 hostname restriction is only for the contents of the certificate. With a wildcard certificate, the "wildcard hostname" itself is just one entry in the certificate. It's literally a wildcard. It's the webserver's job to see if a specific hostname is covered by perhaps one of the wildcards. It could even be random entries like <randomhash>.example.com without that random hash being known anywhere, not even in the certificate, by using a wildcard.
Let's Encrypt wouldn't be able to tell if you'd use your wildcard certificate for 10 or 1000 different hostnames.

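The one-label rule and the SAN count discussed in the replies above, as an added example that is not part of the original thread. The matcher is a simplified form of the RFC 6125 wildcard rule; the function names, the sample hostnames, and the assumption that the "two" SAN entries are the bare domain plus the wildcard are all constructed for illustration.

```python
# Added example: hypothetical helper names and constructed hostnames,
# not code from the thread or from Let's Encrypt.

def name_matches(san: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers hostname.

    Simplified RFC 6125 (section 6.4.3) rule: '*' is accepted only as
    the entire leftmost label and stands for exactly one label.
    """
    san_labels = san.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never adds or removes labels, so the counts must agree.
    if len(san_labels) != len(host_labels) or "" in host_labels:
        return False
    if san_labels[0] == "*":
        # Everything to the right of the wildcard must match exactly.
        return "*" not in san_labels[1:] and san_labels[1:] == host_labels[1:]
    if "*" in san:
        return False  # partial or non-leftmost wildcards are rejected here
    return san_labels == host_labels


def covered(sans: list[str], hostname: str) -> bool:
    """Return True if any SAN entry in the certificate covers hostname."""
    return any(name_matches(entry, hostname) for entry in sans)


# Assumed SAN list of a typical wildcard certificate: two entries only.
SANS = ["example.com", "*.example.com"]


def count_covered(sans: list[str], hostnames: list[str]) -> int:
    """Count how many of the given hostnames the SAN list covers."""
    return sum(covered(sans, h) for h in hostnames)


if __name__ == "__main__":
    # 1000 constructed multisite subdomains, none listed in the certificate.
    tenants = [f"site{i}.example.com" for i in range(1000)]
    print(len(SANS), "SAN entries cover", count_covered(SANS, tenants), "hostnames")
    print("subsub.sub.example.com covered:", covered(SANS, "subsub.sub.example.com"))
```

The SAN list stays at two entries however many single-label subdomains are served, which is why the 100-name limit never comes into play.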

Thanks for that Osiris, appreciate that and ‘think’ I understand :wink:
