Wildcard SSL not applying to sub-domains - AWS lightsail

Our main domain has the wildcard SSL and is working fine.
How do we apply it to the sub-domains?
I followed the below URL to add the SSL to AWS, but it does not mention anything about subdomains, which is a second instance and has a different IP.


Any help would be appreciated.

Unless you have a lot of instances, it would be simplest to get a second certificate for the second instance. To do that, you’d follow the instructions in pretty much the same way, on the second instance.

We recommend that you manage Let’s Encrypt certificates in a more automated way. When using manual DNS validation, you would have to manually renew your certificates and manually add and delete the validating TXT records every 2-3 months.

If you don’t need to use wildcards, consider using Certbot’s HTTP validation. If you really do need wildcards, you can automate DNS validation with an appropriate DNS service, ACME client and OS. Certbot has an Amazon Route 53 plugin that is easy to install on many OSes, but I don’t know if Lightsail provides proper Route 53 API access.


Hi @sujatha-crown

If your main domain doesn't have subdomains: Why do you need a wildcard certificate?

Creating a certificate with


would be enough.

You can create max. 50 new certificates per domain name per week.

And you can use http-01 validation, a text file under /.well-known/acme-challenge.

So if you don't have too many subdomains, it may be easier to create explicit certificates.

PS: Your older thread:

Thank you for all your help and suggestions.
I have a QA instance as a sub-domain, so I am trying to add the same wildcard certificate for that sub-domain.

Since the QA instance is a sub-domain under the main domain, if I add a new certificate I would need to add more TXT records under the main domain. Will it validate correctly?
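
Where the validating TXT records go for manual DNS validation, as an added example that is not part of the original thread: it computes the DNS-01 record name and value defined in RFC 8555 section 8.4 for a wildcard certificate and for a separate QA certificate. The domain `example.com`, the tokens and the account thumbprint are constructed placeholders, and `plan_records` is a hypothetical helper name.

```python
import base64
import hashlib

# Constructed sample data: a real ACME server issues one token per identifier,
# and the thumbprint is derived from the ACME account key.
SAMPLE_THUMBPRINT = "constructed-account-key-thumbprint"
SAMPLE_TOKENS = {
    "example.com": "constructed-token-1",
    "*.example.com": "constructed-token-2",
    "qa.example.com": "constructed-token-3",
}


def dns01_record_name(identifier: str) -> str:
    """Return the TXT record name the CA queries for a DNS-01 challenge."""
    name = identifier.lower().rstrip(".")
    if name.startswith("*."):
        # A wildcard is validated at its base domain, so "*.example.com"
        # and "example.com" share one record name.
        name = name[2:]
    if "*" in name:
        raise ValueError(f"wildcard only allowed as leftmost label: {identifier}")
    return "_acme-challenge." + name


def dns01_record_value(token: str, thumbprint: str) -> str:
    """TXT value: base64url(SHA-256(token "." thumbprint)) without padding."""
    key_authorization = f"{token}.{thumbprint}"
    digest = hashlib.sha256(key_authorization.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def plan_records(tokens: dict, thumbprint: str) -> dict:
    """Group TXT values by record name; one name may carry several values."""
    plan = {}
    for identifier, token in tokens.items():
        value = dns01_record_value(token, thumbprint)
        plan.setdefault(dns01_record_name(identifier), []).append(value)
    return plan


if __name__ == "__main__":
    for name, values in plan_records(SAMPLE_TOKENS, SAMPLE_THUMBPRINT).items():
        for value in values:
            print(f'{name}. IN TXT "{value}"')
```

A certificate for the QA hostname alone is validated at `_acme-challenge.qa.<domain>`, while the apex name and the wildcard both use `_acme-challenge.<domain>`, which can hold several TXT values at once.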

