Multi-domain wildcard certificate

Hi,
We have a requirement to use a Multi-domain/Multi-level wildcard certificate for our domain (like *.*.xyz).
Please let us know if “Let’s Encrypt” provides such a certificate.
Any documentation about the implementation will be really helpful.

Thank You,
Rahul Revankar,
Operations Manager,
Jeeves Information Systems Pvt Ltd

1 Like

Hi @cloudops

You can create one certificate with a lot of domain names.

But *.*.xyz isn’t possible.

That’s not a Let’s Encrypt limit. That’s a general DNS limit.

A * is only allowed as first label.

Check

2 Likes

Hi,
To clarify, we need a Multidomain Wildcard certificate to secure multiple sub-domains.
E.g.: a single wildcard certificate for domain.com, blog.domain.com, dev1.blog.domain.com.
More info can be found here: https://cheapsslsecurity.com/blog/how-to-secure-multi-level-subdomains

I checked the FAQ link, and found 2 questions:

Can I get a certificate for multiple domain names (SAN certificates or UCC certificates)?

Does Let’s Encrypt issue wildcard certificates?

Is it the same as our requirement?

Thank You.

1 Like

Hi,
Thanks for your reply.
But to clarify, our requirement is a Multidomain Wildcard SSL certificate which can secure multiple subdomains.
E.g.: domain.com, blog.domain.com, dev1.blog.domain.com
More info: https://cheapsslsecurity.com/blog/how-to-secure-multi-level-subdomains/

I also checked the FAQ link and found two questions:

Can I get a certificate for multiple domain names (SAN certificates or UCC certificates)?

Does Let’s Encrypt issue wildcard certificates?

Is it the same as our requirement?

Thank You

Definitely. You can also get SAN wildcard certificate.

For example: you can get a certificate for *.example.com, example.com, *.dev.example.com, *.test.com, test.com (as long as you prove your ownership through DNS validation)

P.S. this is definitely listed under FAQ…

2 Likes

The important distinction here is that Let’s Encrypt can issue certificates with wildcards covering multiple base domains, like in @stevenzhu’s example, but not multiple subdomain levels, like *.*.example.com in @JuergenAuer’s example. As Jürgen says, this is an Internet technology issue and not a Let’s Encrypt policy issue (no certificate authority is allowed to issue wildcard certificates for multiple subdomain levels).

3 Likes

@cloudops refers to a cheapsslsecurity faq that makes me curious…

It says that their…

multi-domain wildcard SSL certificate allows you to purchase a single SSL certificate, and add the above 7 sites as SANs (subject alternative names) to the SSL certificate.

It doesn’t sound like a magic cert that gets around the DNS limit somehow. It is just a standard wildcard cert that is also using the SAN record to get to the next level of subdomains.

Is this something that can be done with the Let’s Encrypt wildcard certs also?

It sounds like that would solve the issue for @cloudops.

That is exactly what @stevenzhu meant when he posted this:

SAN is already used when you have multiple domains in a certificate. It just works as described in this quote: multiple domains in the certificate, at most one wildcard in every domain.
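
The rule this thread settles on (a `*` only as the whole first label, covering exactly one subdomain level, with several such names listed as SANs in one certificate), as an added Python example that is not code from any poster or from Let’s Encrypt. The function names are made up here, and the SAN list is constructed from the hostnames mentioned in the thread.

```python
# Added example: which SAN entries of one certificate cover a given hostname.
# Assumption: names are plain ASCII DNS names; public-suffix checks are out of scope.

def _labels(name):
    return name.lower().rstrip(".").split(".")

def valid_san(name):
    """A SAN is issuable as written if '*' appears at most once, as the entire first label."""
    labels = _labels(name)
    if len(labels) < 2 or "" in labels:
        return False
    rest = labels[1:] if labels[0] == "*" else labels
    return all("*" not in label for label in rest)

def san_matches(san, host):
    """Match one SAN against one hostname; the wildcard stands for exactly one label."""
    s, h = _labels(san), _labels(host)
    if len(s) != len(h):
        return False  # '*.domain.com' covers neither 'domain.com' nor 'a.b.domain.com'
    if s[0] == "*":
        return s[1:] == h[1:]
    return s == h

def covering_sans(sans, host):
    """Return the SAN entries that cover host; refuse lists containing unissuable names."""
    bad = [s for s in sans if not valid_san(s)]
    if bad:
        raise ValueError(f"not issuable as written: {bad}")
    return [s for s in sans if san_matches(s, host)]

# Constructed SAN list for the hostnames asked about in the thread:
# one entry per subdomain level, plus the bare base domain.
SANS = ["domain.com", "*.domain.com", "*.blog.domain.com"]

if __name__ == "__main__":
    for host in ("domain.com", "blog.domain.com", "dev1.blog.domain.com",
                 "x.dev1.blog.domain.com"):
        print(f"{host:26} covered by {covering_sans(SANS, host) or 'nothing'}")
    print("*.*.xyz issuable as written:", valid_san("*.*.xyz"))
```

Each additional subdomain level needs its own wildcard entry in the SAN list, which is why the bare domain and every level appear separately above.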