
A Complete Guide to Wildcard Certificates


The FleetSSL cPanel plugin has supported wildcard certificates since v.0.13.0.

Definition of Wildcard Certificate

An SSL certificate that is valid for all subdomains of one or more domains is called a wildcard certificate. A wildcard certificate is identified by an asterisk prefix (*.) on any of the names it is issued for, e.g. *, *

Do I need a Wildcard Certificate?

In our view, most users don’t need wildcards. They are useful in the following cases:

  • You have many (10-100+) subdomains or combinations of subdomains.
  • You don’t know in advance which subdomains will exist, e.g. when you dynamically give each user/customer their own subdomain, or when you run a subdomain-based multi-site.
  • You create new subdomains regularly (at least on a monthly basis).
  • You are using a wildcard DNS record and need to secure all possible domains with SSL.

Unless your requirements match one or more of the cases listed, we recommend that you use a non-wildcard SSL certificate. They are simple, quick to sort out when an issue arises, and safe to manage.



DNS Validation is required: Your DNS needs to be hosted with cPanel

Let’s Encrypt policy requires DNS-based validation for wildcard certificates.

This means that your domain’s DNS must be hosted on cPanel’s nameservers, so that cPanel can create the TXT records that demonstrate control of your domain. If your domain’s DNS is hosted externally, you won’t be able to issue wildcard certificates.

You will be able to select the validation method when you issue your certificate.

DNS Cluster Delays (For WHM administrators)

When DNS records are updated in cPanel, the changes do not appear immediately in the attached DNS cluster. This is because cPanel’s DNS is updated asynchronously.

By default, the plugin waits 5 seconds after all the DNS modifications are complete. Although this is a fairly conventional delay, it can be adjusted for your specific hosting environment by changing the dns_challenge_delay_secs configuration parameter.

Steps to Issue a Wildcard Certificate

1. Open the Let’s Encrypt SSL interface:

In cPanel, go to the Let’s Encrypt SSL interface and select the domain you want to issue a certificate for.

2. Select the DNS validation method:

Please select an SSL validation method (all are automatic):


3. Select which domains you would like wildcards for:

Tick the “Include Wildcard?” column to add the wildcard variant of any domain to your certificate request. You can include any combination of wildcards and other domains on a single certificate.

Note that, if you want the certificate to be valid for as well as *, you need to tick both ‘Include’ and ‘Include Wildcard?’, because the wildcard does not match the domain itself.

4. Issue:

Click on the Issue button and wait.

If issuance fails, re-check that your domain is using your cPanel hosting service’s nameservers rather than being hosted externally (for example on Route53, on Cloudflare or at your domain registrar).

If you still have any doubts, you can contact us at MilesWeb hosting.
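The note in step 3 can be checked before issuing. The sketch below is an added example, not part of the FleetSSL plugin or of this guide's original text: it applies the standard TLS hostname-matching rule to a list of hostnames and reports which ones a chosen set of certificate names would leave uncovered. It goes slightly beyond the note by also showing that a wildcard covers exactly one label, so a deeper subdomain is not matched either. The example.com hostnames and the function names are assumptions made up for illustration.

```python
# Added example: hostnames are constructed (example.com is a reserved domain).

def name_matches(cert_name: str, host: str) -> bool:
    """True if one certificate name covers host.

    '*' is accepted only as the entire left-most label and stands for
    exactly one label, so it never matches the bare domain.
    """
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = host.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        return False  # '*.example.com' has 3 labels, 'example.com' has 2
    if cert_labels[0] == "*":
        # Conservative assumption: refuse wildcards directly under a TLD
        # ('*' or '*.com'); a wildcard needs two fixed labels after it.
        if len(cert_labels) < 3:
            return False
        return bool(host_labels[0]) and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def uncovered_hosts(cert_names, hosts):
    """Return the hosts (in input order) that no certificate name covers."""
    return [h for h in hosts
            if not any(name_matches(n, h) for n in cert_names)]


# Constructed inventory of hostnames served from one account.
HOSTS = ["example.com", "www.example.com", "shop.example.com",
         "api.eu.example.com"]

# Only 'Include Wildcard?' ticked for the domain.
WILDCARD_ONLY = ["*.example.com"]
# Both 'Include' and 'Include Wildcard?' ticked.
BOTH_TICKED = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for label, names in (("wildcard only", WILDCARD_ONLY),
                         ("both ticked", BOTH_TICKED)):
        missing = uncovered_hosts(names, HOSTS)
        print(f"{label:14} {names} -> not covered: {missing}")
```

Any hostname this reports as not covered would produce a certificate name mismatch in browsers, so it needs its own entry (or its own wildcard) on the certificate request.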

Pallavi is a Digital Marketing Executive at MilesWeb and has an experience of over 4 years in content development. She is interested in writing engaging content on business, technology, web hosting and other topics related to information technology.