My domain (rasulkireev.com) is managed by Netlify. By default Netlify has enabled SSL/TLS certificates for all subdomains (i.e. *.rasulkireev.com).
I have set up a local network NAS with an NGINX Proxy Manager (NPM). To enable https connections NPM requires me to set up a Let’s Encrypt SSL certificate through their platform.
Right now I can’t seem to do that and am getting ERR_CERT_INVALID in the browser. I came up with two solutions which I can’t seem to implement. I was hoping someone here can provide some feedback.
Option #1
Somehow download the certificate and the private key that have been generated by Let’s Encrypt and use those in my local deployments.
I’ve been searching around and haven’t found a way to do it. The only suggestion I found was to go to https://www.fairssl.net/en/ssltest/ and get it there. Unfortunately this is not possible.
Is there a way to export/download the certificate and the private key from Netlify?
Option #2
Disable SSL certificate creation for all subdomains (i.e. the * wildcard) and only generate it for specific subdomains (i.e. www). I haven’t found a way to do that either.
Is that a possibility?
So, would either of these two options be possible to achieve? Thanks a ton in advance.
You can pursue the second option. For that, you’d have to delete the DNS zone from Netlify. Any domain using Netlify DNS gets a wildcard certificate, and any domain using external DNS would get a certificate only for the domains that are added to the site.
As you can see Namecheap says that I will be able to create redirects only when I point nameservers to Namecheap ones, which I don’t want to do since Netlify hosts my www website.
Out of curiosity, is there a reason Solution 1 is not possible?
Hi, @rasulkireev. When I need to do this for a domain using Netlify DNS, I use certbot and the DNS verification option with that tool (using the option --preferred-challenges dns).
The certbot tool will prompt you when it is time to make the DNS record at Netlify like this:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
SII9yM27mMu0QXUV3wPy7cObmFH2853TaLvic8GXtwE
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Then make a DNS record at Netlify of the type TXT with a name of _acme-challenge and the value being the string given (which was SII9yM27mMu0QXUV3wPy7cObmFH2853TaLvic8GXtwE in that example above).
Once all DNS records are verified, the certbot tool will download the valid SSL certificate to the local (or remote) system that ran the certbot command. (It is then safe to immediately delete the TXT records, as they are only used once and the same values won’t be used again.)
You can do this while hosting other sites on Netlify and continuing to use Netlify DNS. I love both Let’s Encrypt and the certbot tool so please reply here if there are other questions about this.
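The step that most often goes wrong in the procedure above is pressing Enter before the TXT record has actually propagated, which makes the DNS-01 validation fail. The script below is an added example (not from this thread, and not part of certbot) of a certbot --manual-auth-hook that prints the record to create in Netlify DNS and then polls a public resolver until the value is visible, so certbot only continues once the record can be seen. It assumes certbot and dig are installed, uses 1.1.1.1 as the resolver to poll, and the hostname home.example.com and the function names are placeholders I chose. CERTBOT_DOMAIN and CERTBOT_VALIDATION are the environment variables certbot sets for auth hooks.

```shell
#!/bin/sh
# wait-for-txt.sh: certbot manual auth hook for the DNS-01 challenge.
# Added example; assumes `dig` is available and that the record is created
# by hand in Netlify DNS while this hook is waiting.

# Name of the TXT record the ACME DNS-01 challenge looks up for a host,
# e.g. home.example.com -> _acme-challenge.home.example.com
acme_record_name() {
    printf '_acme-challenge.%s\n' "$1"
}

# Return 0 when the `dig +short TXT` output (one quoted string per line)
# contains exactly the expected validation value. Pure function, so it can
# be exercised without network access.
txt_contains() {
    dig_output=$1
    expected=$2
    printf '%s\n' "$dig_output" | grep -Fxq "\"$expected\""
}

# Poll a public resolver until the TXT record carries the expected value.
# Arguments: record name, expected value, max attempts (default 30, 10 s apart).
wait_for_txt() {
    name=$1
    expected=$2
    attempts=${3:-30}
    i=0
    while [ "$i" -lt "$attempts" ]; do
        out=$(dig +short TXT "$name" @1.1.1.1 2>/dev/null)
        if txt_contains "$out" "$expected"; then
            return 0
        fi
        i=$((i + 1))
        sleep 10
    done
    return 1
}

# Only the hook path runs when certbot invokes this script; certbot exports
# CERTBOT_DOMAIN and CERTBOT_VALIDATION before calling the auth hook.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    name=$(acme_record_name "$CERTBOT_DOMAIN")
    echo "Create a TXT record in Netlify DNS:"
    echo "  name:  $name"
    echo "  value: $CERTBOT_VALIDATION"
    wait_for_txt "$name" "$CERTBOT_VALIDATION" || {
        echo "TXT record not visible after waiting; aborting." >&2
        exit 1
    }
fi
```

Invoke it as `certbot certonly --manual --preferred-challenges dns --manual-auth-hook ./wait-for-txt.sh -d home.example.com`; certbot will not prompt in this mode, it runs the hook, which blocks until the record is visible, and then asks Let’s Encrypt to validate. The certificate and key certbot writes can then be uploaded to NGINX Proxy Manager as a custom certificate, and because the validation value changes on every renewal the same hook is needed again at renewal time.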
Unfortunately I couldn’t figure out how to make these things work. I ended up migrating DNS management to Cloudflare. NGINX Proxy Manager supports DNS challenges from there natively. I just point my domains to Netlify when needed.