I have a subdomain blog.mediafuseagency.com. It is a website that is not hosted on Netlify but there is a DNS record for it on Netlify pointing to the IP provided by the host.
My subdomain has no SSL certificate. I want to know if it is covered by my wildcard certificate.
Hi, a prerequisite for a wildcard enablement is that you are on a Pro tier or higher. Secondly, if your DNS is not managed by Netlify the SSL certificate will not be created automatically for your wildcard subdomain.
Yes but wildcard needs to be enabled for your account to begin with and it’s not because you are not on a Pro tier. Wildcard subdomains aren’t enabled by default and can only be enabled from our end. There are also a few requirements before we’re able to do so:
Either you have to use Netlify DNS so we can get you a wildcard SSL cert, or you must bring a custom wildcard certificate.
You can’t use domain aliases on the site with Wildcard subdomains enabled, just the bare domain and subdomains under your primary domain. If you try to add a domain alias then it won’t work.
The primary custom domain for the site, if it is an example.com with www.example.com setting in our UI, must be www.example.com and not example.com!
Once the wildcard subdomain feature is enabled, you do not need to add new subdomains under the site settings. You will still need to create DNS records.
This might be a single wildcard DNS record for all subdomains (like a CNAME for *.example.com pointing to the netlify.app subdomain for the site). Alternatively, you can also create the individual DNS records to add each subdomain (like CNAMEs for subdomain-a.example.com, subdomain-b.example.com, etc.) as covered in our external DNS documentation. Both work so please do whichever you prefer.
Let us know which site and we’ll verify that it meets the requirements and get that set up for you.
Hi, @jehoshua-shey. SSL/TLS is provided by the HTTP service and not the DNS service.
Netlify only provides the DNS service for blog.mediafuseagency.com and not the HTTP service because the DNS record you made for that domain name points to an HTTP server that Netlify does not control. The HTTP server for that domain is controlled by DigitalOcean and, for this reason, DigitalOcean must provide the SSL for that domain.
If there are other questions about this, please let us know.
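The two checks discussed in this thread, as an added example that is not part of any post here and is not Netlify code: whether a wildcard name covers a hostname at all, and whether the server that DNS actually points the hostname at presents a valid certificate for it. The function names and the sample SAN list are hypothetical, and the rule that a wildcard needs at least two labels after it is a simplification of the public-suffix checks real clients apply.

```python
import socket
import ssl


def name_matches(pattern: str, hostname: str) -> bool:
    """Certificate name match: '*' is only honoured as the entire left-most
    label and stands for exactly one label (RFC 6125 style)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # '*.example.com' never covers example.com or a.b.example.com
    if p[0] == "*":
        # Simplification (assumption): require two labels after the wildcard.
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def covered_by(hostname: str, sans: list[str]) -> list[str]:
    """Return the SAN entries that cover hostname (empty list = not covered)."""
    return [s for s in sans if name_matches(s, hostname)]


def check_served_cert(hostname: str, port: int = 443, timeout: float = 5.0):
    """Connect to whichever server DNS resolves hostname to and validate the
    certificate that server presents. Returns (ok, matching_sans_or_error)."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
                san = tls.getpeercert().get("subjectAltName", ())
                names = [value for kind, value in san if kind == "DNS"]
                return True, covered_by(hostname, names)
    except (ssl.SSLError, OSError) as exc:
        # No listener on 443, no certificate, or one issued for other names.
        return False, str(exc)


if __name__ == "__main__":
    # Constructed SAN list for a wildcard certificate (not taken from a real cert).
    sample_sans = ["*.example.com", "example.com"]
    for host in ("blog.example.com", "example.com", "a.blog.example.com"):
        print(host, "->", covered_by(host, sample_sans) or "not covered")
    # check_served_cert("blog.example.com") needs network access, so it is not
    # called here; it tests the host behind the DNS record, not the DNS provider.
```

A hostname can pass the name check and still fail `check_served_cert`, because a certificate only helps when the server answering for that hostname has it installed.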