Does Let's Encrypt refuse to issue certificate for a subdomain that already covered in a wild card certificate?


#1

Let’s say I have manually requested a wild card certificate from Let’s Encrypt, and that’s certificate is still active, say *.example.com.
Now I have a Traefik web server that will automatically request a certificate for a subdomain of the domain above (say subdomain.example.com) but Traefik would not do this.

So my question is that will Let’s Encrypt refuse to issue a certificate for a subdomain that already covered in a wild card certificate also issued by Let’s Encrypt?


#2

Hi @minhdanh

no, there is no automatic refuse. If a certificate is created, the job is done. So you can create a certificate *.example.com and later one with blog.example.com or other subdomains.

But: There are limits:

So if you have a lot of subdomain-certificates created (50 per week) or if you create 5 certificates with exact the same name ( blog.example.com ) in one week: Then you may hit a limit.


#3

I see. Thank you for making this clear.


#4

The other limit is that LE won’t issue the subdomain and the wildcard in the same cert. You can issue them separately though.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.