We are looking to install multiple SSL certificates on a site with multiple domains, This would potentially include a mix of wildcard, OV/EV and unique subdomain certificates.
However the Netlify portal under HTTPS only allows one certificate to be installed and used at one time, despite additional domains being configured for the site. Could someone please advise if multiple SSL certificates can be installed and configured for each domain and subdomain?
The documentation doesn’t seem to factor in a scenario like this…
A temporary solution we are using for the time being is a single evaluation certificate including the domains and wildcards as SANs.
Ideally a solution similar to Microsoft Azure’s Key Vault would be beneficial.
Netlify allows just 1 certificate. The certificate that we provide covers all the domains on that site.
By " The certificate that we provide " do you mean on a *.netlify.app subdomain?
We have a number of custom domains/subdomains that we would like to add to the same site but have separate SSL certificates.
If you use the Netlify managed Let’s Encrypt SSL certificate, they will cover the domains listed on the site. They will only provide wildcard certificates if you use Netlify DNS however (as their API requires a DNS based verification for wildcard certificates which only works if Netlify hosts the DNS).
Please note, Let’s Encrypt has a limit of 100 unique names per SSL certificate. All SSL providers (certificate authorities or CAs) limit the number of unique names per SSL certificate.
Then Netlify has a limitation of 1 SSL certificate per site. So, with the two limits considered together that limits a single site to a maximum of 100 unique domain names.
There are only two workarounds for this:
- use more than one site if you have more than 100 unique domains names to assign
- use the wildcard subdomain feature
Note, the wildcard subdomain feature allows wildcarding under a single domain name. For example, you can wildcard like so:
That above is all using a single level of subdomain under a single domain (
example.com). If you need to wildcard until more than one domain name or at more than one level person apex domain, that again requires multiple sites and you cannot wildcard on multiple domains (or multiple levels of subdomains) for a single site at this time.
While we do not recommend proxying to Netlify, it is possible to do so. Using a proxy service may allow the use of multiple SSL certificates for a single site at the proxy service which would allow working around the limitation of one certificate per site here.
If there are other questions about this, please let us know.
Are there any plans to change this in the near future? So that multiple SSL certificates can be installed?
No immediate plans at the moment, I’m afraid.