Does wildcard SSL certificate covers root domain?

Does wildcard certificate also validates root domain?

There are few writings about "Does a wildcard certificate cover root domain"

According to these writings as per my understanding Single Wildcard * domain can have wildcard DNS names for multiple base domains, and can also mix in non-wildcard names
(e.g * and

Although I don't register base domain(, does SSL providers automatically add the root domain as a Subject Alternative Name to a wildcard SSL certificate?

so that I don't need to add additional root-domain(

Thank you


You need to generate a certificate for * and They can both be on the same certificate, but you do have to request both. There are some CAs that will only give you a certificate for the root and wildcard, but I don't know of any that let you make your own request, but then automatically amend it (and they shouldn't).


I think it is best to get exactly what you ask for (despite what may seem obvious).
[not for the CA to think they know more about what I need and change my request (in any way)]

Q1. How much trouble is it to add "" to the "*" request (if/when needed)?

Q2. What would happen when someone requests more than 50 wildcard entries on a single cert?
[there would be no room to include more than 50 more base domains into it]


Some CA's might automatically also include the root domain, but Let's Encrypt doesn't: you only get what you've asked for.


@maxh I edited your comment above to put the domain names within backticks for clarity.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.