Hi,
We have a requirement to use a Multi-domain/Multi-level wildcard certificate for our domain (like ..xyz).
Please let us know if “Let’s Encrypt” provides such a certificate.
Any documentation about the implementation will be really helpful.
Thank You,
Rahul Revankar,
Operations Manager,
Jeeves Information Systems Pvt Ltd
Definitely. You can also get a SAN wildcard certificate.
For example: you can get a certificate for *.example.com, example.com, *.dev.example.com, *.test.com, test.com (as long as you prove your ownership through DNS validation).
The important distinction here is that Let’s Encrypt can issue certificates with wildcards covering multiple base domains, like in @stevenzhu’s example, but not multiple subdomain levels, like *.*.example.com in @JuergenAuer’s example. As Jürgen says, this is an Internet technology issue and not a Let’s Encrypt policy issue (no certificate authority is allowed to issue wildcard certificates for multiple subdomain levels).
@cloudops refers to a cheapsslsecurity FAQ that makes me curious...
It says that their...
multi-domain wildcard SSL certificate allows you to purchase a single SSL certificate, and add the above 7 sites as SANs (subject alternative names) to the SSL certificate.
It doesn't sound like a magic cert that gets around the DNS limit somehow. It is just a standard wildcard cert that is also using the SAN record to get to the next level of subdomains.
Is this something that can be done with the Let's Encrypt wildcard certs also?
It sounds like that would solve the issue for @cloudops.
That is exactly what @stevenzhu meant when he posted this:
SAN is already used when you have multiple domains in a certificate. It just works as described in this quote: multiple domains in the certificate, at most one wildcard in every domain.