SSL certificate change for branch deploy


According to the page [Support Guide] How to use Netlify’s branch deploy feature without Netlify DNS, I can request a change to the SSL for a branch deployment. Could I have the branch deploy be valid for

Also, do you know if it is possible to do this on a wildcard basis, e.g. issue as wildcard for *

Thanks again!

hi there, you will need to deploy a branch to that subdomain before we can extend the SSL cert first. I am asking to find out re: your question about wildcards - more info soon.

we can set a wildcard SSL cert for any subdomain, as long as you are using Netlify DNS.

this doesn’t happen automatically, but we can set this up for you manually.

There is already a branch deployed there, unless I am missing something.

I see many Deploy Previews, but no branch called “master” has actually been deployed on that site. The branch name must match the subdomain exactly in order for this to work.

We do not use git deployments, rather GitHub Actions that use a branch alias. So our “master” branch runs in CI and then deploys to

@laura @perry would you have any other advice here?

Hey @eliperelman,
I don’t think that will work:

First , please make certain the branch has deployed successfully - meaning both the build and deploy must happen successfully, on Netlify.

I tried to extend your cert to include the the branch subdomain, but as you can see when you try to visit, there is no site there and the cert is not valid :frowning:

I believe that this is because you’re not really deploying to that subdomain URL; we’re assigning that URL to the location of files you host through our service, so you’ll need to use our branch deploy feature in order for the branch subdomain and SSL to work.

Do you know if there is any other method for obtaining a wildcard cert for deployments that occur from CI? I feel like deploying from CI is pretty common, so I feel like I may be missing something. Our CI runs the command from the CLI to deploy our master branch via --alias master, and that feels like the correct route for this to work; is something missing?

SSL certificates for branch deploys happen automatically if you’re using Netlify DNS. If you’re not using Netlify DNS, the support team manually extends the certificate to include the new branches in the cert. In the second case, in order for the SSL verification to work, there must be a live site deployed at the URL before we extend the cert. In this case, there is no site at so we’re not able to complete the process.

The only thing that comes to mind for this to 1) work automatically 2) while not using Netlify DNS is possibly for you to bring your own custom wildcard cert for the sub-subdomain? I will check with my colleague on whether he thinks that’s feasible and get back to you this afternoon!

Hey @eliperelman,
We spent some on this case and the issue turned out not to be about SSL, but about the branch deploy feature- branch deploys have to be configured through the UI; we don’t currently support CLI branch deploys, which is why the cert stuff also wasn’t working. There is a feature request open internally and I’ve added your name to it.

An alternative, if the CLI is a key part of your workflow, would be to have a different Netlify site for each branch- you can use the same repo to deploy different sites… then, configure which branch is the “production” one in the UI, then set the sub-subdomain for that site in the site dashboard. Not ideal, but it’s possible today. Let us know if we can help with that setup or answer any other questions.

1 Like

That may be a reasonable solution, thank you! Do you know if there is a way I can easily duplicate the site so the settings are the same, or is it just manually copy-pasting?

Hi, @eliperelman. It would be just manual copy/paste. However, you could automate/script this using our API. For example, there is a js-client library for exactly this purpose:

You can also use other tools to make API calls (like curl or your own custom code). The js-client package is just one example of how site creation might be automated.

If there are other questions, please let us know.