Standard SSL-certificates only ensure the security of one domain or a list of specific domain names.
Wildcard secures a domain and all its direct subdomains (Wildcard certificates are valid for the main domain + first-level subdomains. For example, the certificate for domain.tld will be valid for the following domain names: domain.tld, www.domain.tld, mail.domain.tld, anything.domain.tld, but will not be valid for git.anything.domain.tld).
Let's Encrypt Wildcard certificates features.
Let's Encrypt Wildcard certificates differ from other SSL-certificates in that they are free but valid only for 90 days.
To issue a Let's Encrypt Wildcard certificate it is required to confirm domain ownership by adding validation DNS records and be able to manage them.
To issue a certificate:
- Navigate to the Certificates section.
- Click "New certificate".
- In the window opened in the “Type” field choose "Let's Encrypt wildcard".
- Then choose a site to issue a certificate for and specify an Email address to receive notifications when the certificate is about to expire.
- Click "Continue".
A new window will open containing validation DNS records.
If DNS domain is managed by the panel, validation DNS records will be added automatically. Otherwise, DNS records have to be added manually.
Check DNS records availability.
Records availability can be manually checked with the help of nslookup or dig utilities if they are installed in your system.
Example of domain.tld records check:
nslookup -q=TXT _acme-challenge.domain.tld.
dig _acme-challenge.domain.tld TXT
If the output shows DNS records required to confirm domain ownership by the verification center, you may continue to the next step.
Click “Continue” and the panel will check DNS records availability and run the check on Let’s Encrypt side. If the check is successful you will receive a new certificate.
To renew a Let's Encrypt Wildcard certificate, just as to issue a new one, it is required to confirm domain ownership.
The panel can run this procedure only if it can manage DNS domain
In other cases, the panel will request validation records and will notify you about the necessity to add new records by sending a notification email to the address specified at the registration stage. The rest of the renewal process is similar to the initial certificate issue process.