Since v.0.13.0, Wildcard certificates are supported by the FleetSSL cPanel plugin.
Definition of Wildcard Certificate
An SSL certificate that is valid for all subdomains of one or more domains is called a wildcard certificate. A wildcard certificate is identified by an asterisk prefix (*.) on any of the names it is issued for, e.g. *.example.org, *.staging.example.org.
Why do I need an SSL Certificate?
We suggest that the majority of users don’t need wildcards. They are useful in the following instances:
- You have several (10-100+) subdomains or combinations of subdomains.
- You don’t know in advance which subdomains will exist, e.g. when you dynamically give each user/customer their own subdomain, or when you have a subdomain-based multi-site.
- You create new subdomains regularly (at least on a monthly basis).
- You are using a wildcard DNS record and need to secure all possible domains using SSL.
Unless your requirement matches one or more of those listed, we recommend that you use a non-wildcard SSL certificate. They are simple, respond quickly to any issue and are safe to manage.
DNS Validation is required: Your DNS needs to be hosted with cPanel
As per the Let’s Encrypt policy, it is compulsory to use DNS-based validation for wildcard certificates.
This means that your domain needs to have its DNS hosted with cPanel’s nameservers, so that cPanel is able to create TXT records to demonstrate control of your domain. If your domain’s DNS is hosted externally, you won’t be able to issue wildcard certificates.
You will be able to select the validation method when you go to issue your certificate.
DNS Cluster Delays (For WHM administrators)
When DNS records get updated in cPanel, you won’t be able to see the changes immediately in the attached DNS cluster. This is because cPanel’s DNS is updated asynchronously.
By default, the plugin waits for 5 seconds after all the DNS modifications have completed. Though this is a fairly conventional delay, it may be adjusted for your specific hosting environment by altering the dns_challenge_delay_secs configuration parameter.
Steps to Issue a Wildcard Certificate
1. Open the Let’s Encrypt SSL interface:
In cPanel, go to the Let’s Encrypt SSL interface and select the domain you want to issue a certificate for.
2. Select the DNS validation method:
Please select an SSL validation method (all are automatic):
3. Select which domains you would like wildcards for:
Tick the “Include Wildcard?” column to add the wildcard variant of any domain to your certificate request. You can include several combinations of wildcards and other domains of your choice on a single certificate.
Note that, if you want the certificate to be valid for mail.l33t.website as well as *.mail.l33t.website, you need to tick both ‘Include’ and ‘Include Wildcard?’ as the wildcard won’t match the domain by itself.
Click on the Issue button and wait.
If there is any failure, re-check that your domain is using your cPanel hosting service’s nameservers rather than being hosted externally (such as on Route53 or Cloudflare, or at your domain registrar).
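The coverage rule from the note in step 3, as an added example that is not part of the original article or of the FleetSSL plugin: it checks which hostnames a set of certificate names actually covers before you tick the boxes. The function names and sample hostnames are hypothetical, and the matching rule assumed is that the asterisk stands for exactly one leftmost DNS label.

```python
# Added example: which hostnames a certificate's names actually cover.
# Assumed matching rule: "*" stands for exactly one leftmost DNS label
# (RFC 6125 style), so it matches neither the bare domain nor deeper levels.

def name_covers(cert_name: str, hostname: str) -> bool:
    """Return True if one certificate name (exact or wildcard) covers hostname."""
    cert_labels = cert_name.lower().rstrip(".").split(".")
    host_labels = hostname.lower().rstrip(".").split(".")
    if len(cert_labels) != len(host_labels):
        # A wildcard never spans several labels and never matches zero labels.
        return False
    if cert_labels[0] == "*":
        # Wildcard: any single non-empty leftmost label, the rest identical.
        return host_labels[0] != "" and cert_labels[1:] == host_labels[1:]
    return cert_labels == host_labels


def uncovered(cert_names, hostnames):
    """Return the hostnames that no name on the certificate covers."""
    return [h for h in hostnames
            if not any(name_covers(n, h) for n in cert_names)]


if __name__ == "__main__":
    # Constructed sample: only "Include Wildcard?" ticked for mail.l33t.website.
    wildcard_only = ["*.mail.l33t.website"]
    # Constructed sample: both "Include" and "Include Wildcard?" ticked.
    both = ["mail.l33t.website", "*.mail.l33t.website"]
    # Constructed hostnames you expect the certificate to serve.
    hosts = ["mail.l33t.website", "imap.mail.l33t.website",
             "a.b.mail.l33t.website"]
    print("wildcard only, not covered:", uncovered(wildcard_only, hosts))
    print("both ticked, not covered:  ", uncovered(both, hosts))
```

A name two levels below the wildcard (a.b.mail.l33t.website here) stays uncovered in both cases; it needs its own entry or a wildcard for its parent subdomain.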
If you still have any doubts, you can contact us at MilesWeb cPanel hosting.