How to Configure SSL with Wildcard Certificates

SSL is like a digital lock for your website. It keeps data safe between your users and your server. These days, if your site doesn’t have SSL, browsers warn visitors with scary red messages. Not cool.

I’ve had a few websites of my own, and setting up SSL was always part of the routine. But when I started hosting multiple subdomains, things got messy — until I found out about wildcard certificates.

A wildcard SSL certificate secures your main domain and all its subdomains. Think of it like a master key. Instead of needing a separate certificate for every door (or subdomain), one wildcard covers them all.

In this post, I’ll walk you through how to configure SSL with wildcard certificates. It’s not hard once you break it down.


What Is an SSL Certificate?

Let’s start with the basics.

SSL stands for Secure Sockets Layer. Strictly speaking, what sites use today is its successor, TLS (Transport Layer Security), but everyone still says SSL. Either way, it’s the technology that encrypts the connection between your website and your visitors.

When SSL is working, your website:

  • Loads with https://
  • Shows a padlock in the browser
  • Keeps user data (like passwords) private

Without it, anyone snooping on the network (like on public Wi-Fi) can see what users type or do.

SSL uses certificates. These are digital files, signed by a certificate authority that browsers trust, that prove your site is who it says it is — like a passport for your domain.


What Is a Wildcard Certificate?

A wildcard SSL certificate is an ordinary certificate whose name contains a wildcard, such as *.example.com. That one name covers every direct subdomain of example.com.

For example, with a wildcard for *.example.com, you can secure:

  • www.example.com
  • blog.example.com
  • shop.example.com
  • and more…

You don’t have to install a new certificate every time you create a new subdomain. Two caveats: the asterisk stands for exactly one label, so *.example.com covers shop.example.com but not eu.shop.example.com, and it does not cover the bare example.com either, which is why the request later in this post lists both names.

This saved me a lot of time when I was running a blog, a store, and a dashboard — all under the same domain.


When Should You Use a Wildcard Certificate?

If you only have one website, you don’t need a wildcard.

But if you manage lots of subdomains, a wildcard makes sense.

Good times to use a wildcard SSL:

  • You host multiple apps or services under the same domain.
  • You want to keep SSL setup simple and clean.
  • You change or add subdomains often.

Wildcard certificates keep things tidy. No need to juggle a bunch of separate certs like digital spaghetti.


How to Get a Wildcard SSL Certificate

There are a few ways to get one.

The two main types are:

  • Free wildcard SSL – Like from Let’s Encrypt (but needs DNS challenge)
  • Paid wildcard SSL – From certificate authorities (like Sectigo, DigiCert, etc.)

I usually go with Let’s Encrypt because it’s free and works well.

But to use Let’s Encrypt for wildcard SSL, you must do something called a DNS-01 challenge.

That means proving control of your domain by publishing a TXT record (under _acme-challenge.example.com) with a value Let’s Encrypt gives you. It’s a little trickier than HTTP-01, which only needs a file on your web server but doesn’t support wildcards.


What You’ll Need

Before we begin, here’s what you’ll need:

  • A Linux server (Ubuntu or CentOS is fine)
  • A domain name (like example.com)
  • A wildcard DNS record (*.example.com)
  • Access to your DNS provider (like Cloudflare, Namecheap, or GoDaddy)
  • Certbot (Let’s Encrypt’s tool)
  • DNS API credentials (optional, but they let Certbot add the challenge record for you)

Step-by-Step: Install Wildcard SSL with Certbot and DNS Challenge

1. Install Certbot

First, install Certbot on your server.

For Ubuntu:

sudo apt update
sudo apt install certbot

For CentOS (Certbot comes from the EPEL repository, so enable that first if you haven’t):

sudo yum install certbot

You also need the DNS plugin for your provider; it’s what publishes the DNS-01 record for you. For example, with Cloudflare on Ubuntu:

sudo apt install python3-certbot-dns-cloudflare

2. Get API Access (For DNS Automation)

Using Cloudflare? Create an API token with permission to edit DNS, and scope it to just the zone you need so it can’t touch anything else.

Save it to a config file like this (create the ~/.secrets directory first if it doesn’t exist):

# ~/.secrets/cloudflare.ini
dns_cloudflare_api_token = YOUR_API_TOKEN

Then set file permissions:

chmod 600 ~/.secrets/cloudflare.ini

The permissions matter: that token can rewrite your DNS zone, so nobody but you (and root, which Certbot runs as) should be able to read the file, and Certbot warns if other users can. In the next step, the --dns-cloudflare-credentials flag tells Certbot where this file is.
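Before handing the file to Certbot, it’s worth a quick sanity check that it’s really locked down and that you remembered to replace the placeholder. The script below is an added example, not code from the original post or from Certbot; it assumes the same ~/.secrets/cloudflare.ini path and key name used above.

```shell
#!/bin/sh
# Added example, not from the original post: sanity-check a Certbot DNS
# credentials file before pointing Certbot at it. The token inside can rewrite
# your DNS zone, so the file must belong to you and be unreadable by anyone
# else, and it must hold a real token rather than the YOUR_API_TOKEN placeholder.
# Assumed path: ~/.secrets/cloudflare.ini, as in the post.

# stat_field GNU_FORMAT BSD_FORMAT FILE -> one field from stat (GNU coreutils first, BSD fallback)
stat_field() {
    stat -c "$1" "$3" 2>/dev/null || stat -f "$2" "$3"
}

# check_secret_file FILE -> exit 0 only if FILE is a regular file you own with no
# group/other permission bits (mode 600 or tighter); prints the reason otherwise
check_secret_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "missing: $f" >&2
        return 1
    fi
    owner=$(stat_field '%u' '%u' "$f")
    if [ "$owner" != "$(id -u)" ]; then
        echo "owned by uid $owner, not you: $f" >&2
        return 1
    fi
    mode=$(stat_field '%a' '%Lp' "$f")
    # the last two octal digits are the group and other bits; both must be zero
    case "$mode" in
        *00|0) return 0 ;;
        *)
            echo "too open (mode $mode, want 600): $f" >&2
            return 1
            ;;
    esac
}

# check_token_set FILE -> exit 0 if dns_cloudflare_api_token has a non-placeholder value
check_token_set() {
    token=$(sed -n 's/^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$token" ] && [ "$token" != "YOUR_API_TOKEN" ]
}

# check_credentials FILE -> run both checks; exit 0 only if both pass
check_credentials() {
    check_secret_file "$1" || return 1
    if ! check_token_set "$1"; then
        echo "dns_cloudflare_api_token is missing or still the placeholder: $1" >&2
        return 1
    fi
}

# Usage: sh check_credentials.sh ~/.secrets/cloudflare.ini
if [ "$#" -gt 0 ]; then
    check_credentials "$1" && echo "ok: $1"
fi
```

Run it as the same user whose home holds the file; a non-zero exit tells you what to fix before you get a confusing failure out of Certbot.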


3. Request the Wildcard Certificate

Now, let’s ask Let’s Encrypt for the wildcard certificate:

sudo certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials ~/.secrets/cloudflare.ini \
  -d '*.example.com' -d example.com

Each -d adds a name to the certificate. You want both the wildcard and the bare domain, because *.example.com alone doesn’t cover example.com. The plugin publishes the _acme-challenge TXT record for you, waits briefly for it to propagate, and removes it afterwards; if the challenge fails on timing, --dns-cloudflare-propagation-seconds lets it wait longer.

Certbot will create the cert files and store them at:

/etc/letsencrypt/live/example.com/

These files include:

  • fullchain.pem – your certificate plus the intermediate chain (this is what your web server should serve)
  • privkey.pem – your private key (never share or commit this one)
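Once the files exist, you can check exactly which hostnames the certificate covers, and confirm the one-label rule from earlier (*.example.com covers shop.example.com, but not example.com by itself or eu.shop.example.com). The script below is an added example, not code from the original post or from Certbot; it assumes the /etc/letsencrypt/live/example.com/fullchain.pem path used above and needs the openssl command-line tool to read the certificate.

```shell
#!/bin/sh
# Added example, not from the original post: check which hostnames a wildcard
# certificate actually covers. Matching follows the rule browsers apply: "*"
# stands for exactly one DNS label, so *.example.com covers shop.example.com
# but neither example.com nor eu.shop.example.com. The certificate path in the
# usage note is the one from this post; cert_sans needs the openssl CLI.

# wildcard_matches PATTERN HOST -> exit 0 if the certificate name PATTERN covers HOST
wildcard_matches() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        \*.*)
            suffix=${pattern#\*.}       # everything after "*."
            first=${host%%.*}           # the host's first label
            rest=${host#*.}             # the host without its first label
            # the host needs a non-empty first label, at least one dot, and the same parent
            [ -n "$first" ] && [ "$rest" != "$host" ] && [ "$rest" = "$suffix" ]
            ;;
        *)
            [ "$pattern" = "$host" ]    # no wildcard: exact match only
            ;;
    esac
}

# covered_by "NAME NAME ..." HOST -> exit 0 if any certificate name in the list covers HOST
covered_by() {
    for name in $1; do
        wildcard_matches "$name" "$2" && return 0
    done
    return 1
}

# cert_sans FILE -> print the DNS names from the certificate's Subject Alternative Name, one per line
cert_sans() {
    openssl x509 -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' \
        | tr ',' '\n' \
        | sed -n 's/.*DNS:\([^[:space:]]*\).*/\1/p'
}

# check_cert FILE HOST... -> print one line per host; exit 1 if any host is not covered
check_cert() {
    file=$1
    shift
    sans=$(cert_sans "$file" | tr '\n' ' ')
    status=0
    for h in "$@"; do
        if covered_by "$sans" "$h"; then
            echo "covered:     $h"
        else
            echo "NOT covered: $h"
            status=1
        fi
    done
    return "$status"
}

# Usage on the server, after step 3 (the first two hosts are covered, the third is not):
#   sh check_cert.sh /etc/letsencrypt/live/example.com/fullchain.pem \
#       example.com shop.example.com eu.shop.example.com
if [ "$#" -gt 1 ]; then
    check_cert "$@"
fi
```

If a hostname you expected comes back as NOT covered, the fix is on the Certbot side (add the missing name with another -d, or request a second wildcard for the deeper level), not in Nginx.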

4. Configure Your Web Server

Let’s say you use Nginx.

Open your Nginx config file:

sudo nano /etc/nginx/sites-available/default

Make sure your SSL settings look like this:

server {
    listen 443 ssl;
    server_name example.com *.example.com;

    # fullchain.pem is the certificate plus the intermediate chain; privkey.pem stays private
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # only allow modern protocol versions
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        root /var/www/html;
        index index.html;
    }
}

Check the config first with sudo nginx -t, then restart Nginx:

sudo systemctl restart nginx

Boom. Your wildcard SSL is now working.

You can visit any subdomain (as long as your wildcard DNS record points it at this server) and it will show the padlock.


Renewal

Let’s Encrypt certificates are valid for 90 days, and Certbot renews them once fewer than 30 days remain. It can do this automatically.

Run this to test it:

sudo certbot renew --dry-run

If that works, you’re good to go.

On Ubuntu the certbot package already installs a systemd timer (certbot.timer) that runs certbot renew twice a day; check it with systemctl list-timers. If your install doesn’t have one, add a cron job. Either way, Nginx keeps the old certificate loaded until it is reloaded, so add a hook such as --deploy-hook "systemctl reload nginx" (or drop a script into /etc/letsencrypt/renewal-hooks/deploy/) so the renewed certificate actually reaches your visitors.


Funny (But Helpful) Tips

Let’s break things up with a few tech puns that might help you remember stuff:

  • Don’t let your SSL expire — it’s a cert-ain disaster.
  • A missing certificate? That’s a site for sore eyes.
  • If SSL setup scares you, just Let’s Encrypt your fears.

Okay, I’ll stop before things get too encrypted.


Three Benefits of Wildcard SSL

Here’s why I personally love wildcard certificates:

  • Less hassle – One cert for everything.
  • Great for devs – Use subdomains for testing, staging, etc.
  • Saves time – No repeating SSL setups for each subdomain.

Three Things to Watch Out For

A few lessons I learned the hard way:

  • DNS changes take time – Propagation delays can slow you down.
  • Wrong permissions break things – Make sure config files are secure.
  • Forgetting renewal is risky – Set up automation or reminders.

Three Comparison Points

Still not sure if wildcard SSL is for you?

Here’s a quick comparison with regular certs:

  • Wildcard SSL: One cert, covers all subdomains
  • Multi-domain SSL: One cert, but you must list each subdomain
  • Single-domain SSL: Only works for one name (like www.example.com)

Wildcard is best when you need flexibility. It’s like the Swiss Army knife of SSL.


Wrapping Up

Configuring SSL with wildcard certificates might sound scary, but it’s not. Once you understand the pieces — Certbot, DNS, and web server config — it all fits together.

I’ve done this for my own sites and for friends too. It saves a lot of time, especially when you’re working with apps like app.example.com, api.example.com, and docs.example.com.

The hardest part is the DNS challenge. But once that’s done, it’s smooth sailing.

SSL is like a seatbelt for your site. Wildcard SSL? That’s the seatbelt, airbag, and helmet all in one.
