Difference between revisions of "Wildcard certificate"

wikipedia:Wildcard certificates

Limitations

• Only a single level of subdomain matching is supported in accordance with Template:IETF RFC.^[1]

• wikipedia:Wildcard certificates do not valid for *.example.com or www.example.com and example.com. If you need a cert to work for example.com and www.example.com, you need to request a certificate with subjectAltNames so that you have "example.com" and "*.example.com".

• DNS-01 challenge must be used to issue/renew wilcard cerfificates, HTTP-01 challenge is not allowed^[2] only available via ACMEv2

Activities

• Use Let's Encrypt certbot to request a wildcard certificate (since 2018^[3])
• Renews your wilcard certificate: certbot renew

Related terms

• RFC 2818

See also

• HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL, openSSL, WebSockets, WebRTC, ssl_certificate QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers, --insecure, Axios HTTP client, HTTP cookies, HTTP ETag
• CA, FreeIPA, PKI, OpenCA, Wildcard certificate, certtool, certbot (Let's Encrypt), certinfo (Cloudflare), ACME, Boulder, cfssl (Cloudflare), Public key certificate, public key, TLS and X.509, OCSP, Subject Alternative Name (SAN), openssl ca, Self signed certificate, CSR, keytool, ACM, KMS, aws acm, IdenTrust, multirootca, cert-manager
• DNS: Linux DNS, IP, systemd-resolve, /etc/hosts, whois, Domain registrar, dig, host, nslookup, scutil --dns dnsmasq, bind, delv, .local, .internal, .onion, FQDN, TTL, /etc/resolv.conf, /etc/systemd/resolved.conf, dscacheutil (macOS), hostname, hostnamectl, bind, resolvectl status, DNS sinkhole, Domain name server, LLMNR, Resource records:MX, TXT, NS, CAA, SSHFP, Apex, CNAME, Wildcard DNS records, Subdomain, /etc/nsswitch.conf, 1.1.1.1, 8.8.8.8, CoreDNS, dnsPolicy:, Google Public DNS, DNS caches, Kubernetes ExternalDNS, DNS forwarding, IDNA2008, DNS-1035, Domain name registrars, Split-view DNS