Wildcard SSL Domains
Updated 2 weeks ago
Wildcard SSL certificates allow you to secure unlimited subdomains under a single domain with one certificate.
What are wildcard SSL certificates?
A wildcard certificate (*.example.com) automatically secures:
- app.example.com
- staging.example.com
- api.example.com
- Any other subdomain you create
How it works
- Add wildcard domain: Enter your wildcard domain (*.example.com) in your application settings
- Configure DNS: Add a CNAME record for certificate validation
- Verify and activate: Ploi Cloud verifies your DNS and creates the certificate
- Deploy: Redeploy your application to activate the wildcard domain
Setting up wildcard SSL
Step 1: Add your wildcard domain
In your application's Settings tab, find the "Wildcard domains" section and add your domain in the format *.example.com.
Step 2: Configure DNS records
You need to create two DNS records:
For certificate validation (required):
_acme-challenge.example.com → acme.ssl-ploi.cloud (CNAME)
For routing traffic to your application (required):
*.example.com → your-app.test.ploi.it (CNAME)
Step 3: Verify and activate
Once DNS is configured:
- Click "Check DNS" to verify your records are correct
- Click "Verify & activate" to create the SSL certificate
- Redeploy your application to enable the wildcard domain
Important notes
- One wildcard per application: Each application can have only one wildcard domain
- Weekly limits: Teams are limited to 5 wildcard domains per week
- DNS propagation: DNS changes can take up to 48 hours to propagate
- Certificate renewal: Certificates are automatically renewed before expiration as long as the DNS records are correct.
Troubleshooting
DNS verification fails:
- Ensure the CNAME record exactly matches the required format
- Wait for DNS propagation (can take up to 48 hours)
- Remove any trailing dots from DNS records
Certificate not working:
- Verify the CNAME record is active
- Redeploy your application after verification
- Check that your wildcard domain format is correct (*.example.com)
Subdomains not working:
- Ensure the wildcard DNS record (*.example.com) points to your application
- Verify the certificate is active in your application settings
- Check that subdomains resolve to the correct IP address
- Wait for DNS propagation (can take up to 48 hours)
Let's Encrypt certificate validation fails:
- If you're using a custom domain with an AAAA (IPv6) record, ensure your domain is accessible via IPv6
- Ploi Cloud load balancers currently only support IPv4. If Let's Encrypt chooses IPv6 for validation and your domain has an AAAA record pointing to an unreachable IPv6 address, the validation will fail
- Solution: Remove the AAAA (IPv6) record from your domain's DNS settings if you're experiencing persistent certificate validation failures
- Keep only the A (IPv4) record pointing to the load balancer IP address
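The two records from Step 2 and the AAAA caveat above can be checked before you click "Check DNS". The script below is an added example, not Ploi's own tooling; it assumes you feed it `dig +noall +answer` output for the literal record names, and the function names and sample records are constructed for illustration.

```python
ACME_TARGET = "acme.ssl-ploi.cloud"  # validation CNAME target given on this page

# Constructed sample of `dig +noall +answer` lines (not real lookups).
SAMPLE = """\
_acme-challenge.example.com. 300 IN CNAME acme.ssl-ploi.cloud.
*.example.com. 300 IN CNAME your-app.test.ploi.it.
example.com. 300 IN AAAA 2001:db8::1
"""

def norm(name):
    """Lowercase and drop the trailing root dot that dig prints."""
    return name.strip().lower().rstrip(".")

def parse_dig(text):
    """Parse 'name TTL IN TYPE value' answer lines into (name, type, value)."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0].startswith(";"):
            continue
        records.append((norm(parts[0]), parts[3].upper(), norm(parts[4])))
    return records

def audit(wildcard, app_target, records):
    """Return a list of problems; an empty list means the records look right."""
    if not wildcard.startswith("*.") or "*" in wildcard[2:]:
        return [f"bad wildcard format {wildcard!r}, expected *.example.com"]
    base = norm(wildcard[2:])
    expected = {
        f"_acme-challenge.{base}": ACME_TARGET,  # certificate validation
        f"*.{base}": norm(app_target),           # traffic routing
    }
    problems = []
    for name, target in expected.items():
        found = [v for n, t, v in records if n == name and t == "CNAME"]
        if not found:
            problems.append(f"missing CNAME {name} -> {target}")
        elif found != [target]:
            # A validation CNAME aimed elsewhere lets that host answer ACME
            # challenges for the domain, so a mismatch is an error.
            problems.append(f"CNAME {name} -> {found}, expected {target}")
    for n, t, v in records:
        if t == "AAAA" and (n == base or n.endswith("." + base)):
            problems.append(f"AAAA on {n} ({v}): load balancers are IPv4 only")
    return problems

if __name__ == "__main__":
    for p in audit("*.example.com", "your-app.test.ploi.it", parse_dig(SAMPLE)):
        print("PROBLEM:", p)
```

With the constructed sample, the only finding is the AAAA record on the apex domain; both CNAMEs match once dig's trailing dots are normalized away.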