{"id":135,"date":"2026-05-26T21:42:23","date_gmt":"2026-05-26T21:42:23","guid":{"rendered":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/"},"modified":"2026-05-26T21:42:23","modified_gmt":"2026-05-26T21:42:23","slug":"wildcard-ssl-certificates-explained","status":"publish","type":"post","link":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/","title":{"rendered":"Wildcard SSL Certificates Explained: What They Cover, What They Don&#8217;t, and When to Use One"},"content":{"rendered":"<h2>Overview<\/h2>\n<p>A wildcard SSL certificate secures one domain and all of its first-level subdomains using a single certificate. Instead of issuing separate certificates for <code class=\"\" data-line=\"\">shop.example.com<\/code>, <code class=\"\" data-line=\"\">blog.example.com<\/code>, and <code class=\"\" data-line=\"\">mail.example.com<\/code>, you install one wildcard SSL and all three are covered automatically. The wildcard part is the asterisk in the certificate&#8217;s common name: <code class=\"\" data-line=\"\">*.example.com<\/code>.<\/p>\n<p>You&#8217;ll typically run into this topic when you&#8217;re scaling a site that&#8217;s outgrown its original structure. Maybe you started with a single WordPress install and now you&#8217;re spinning up subdomains for client portals, staging environments, or regional storefronts. Managing individual certificates for each one gets tedious fast, and that&#8217;s exactly the problem wildcard SSL solves.<\/p>\n<p>This article explains how wildcard SSL works, what it covers and what it doesn&#8217;t, how to request one through common hosting control panels, and the gotchas that catch people off guard.<\/p>\n<h2>Prerequisites<\/h2>\n<ul>\n<li>Domain ownership and access to your DNS zone (through your registrar or your hosting control panel)<\/li>\n<li>Access to cPanel, WHM, Plesk, or your server&#8217;s command line depending on your hosting type<\/li>\n<li>A certificate authority (CA) account if you&#8217;re using a paid certificate \u2014 or Certbot installed if you&#8217;re going the Let&#8217;s Encrypt route<\/li>\n<li>Basic understanding of what a subdomain is<\/li>\n<li>DNS propagation can take up to 48 hours after making changes \u2014 plan for that before going live<\/li>\n<\/ul>\n<h2>How Wildcard SSL Actually Works<\/h2>\n<p>When a CA issues a wildcard certificate for <code class=\"\" data-line=\"\">*.example.com<\/code>, the asterisk is a placeholder that matches exactly one level of subdomain. That&#8217;s it. One level.<\/p>\n<p>So <code class=\"\" data-line=\"\">*.example.com<\/code> covers:<\/p>\n<ul>\n<li><code class=\"\" data-line=\"\">www.example.com<\/code><\/li>\n<li><code class=\"\" data-line=\"\">shop.example.com<\/code><\/li>\n<li><code class=\"\" data-line=\"\">api.example.com<\/code><\/li>\n<li><code class=\"\" data-line=\"\">staging.example.com<\/code><\/li>\n<\/ul>\n<p>It does <strong>not<\/strong> cover:<\/p>\n<ul>\n<li><code class=\"\" data-line=\"\">example.com<\/code> itself (the root domain) \u2014 unless your CA explicitly includes it as a Subject Alternative Name (SAN), which many do now but not all<\/li>\n<li><code class=\"\" data-line=\"\">dev.api.example.com<\/code> \u2014 that&#8217;s a second-level subdomain and falls outside the wildcard&#8217;s scope<\/li>\n<\/ul>\n<p>That second point is the most common source of confusion I see on support tickets. A customer installs a wildcard cert and then wonders why <code class=\"\" data-line=\"\">dev.staging.example.com<\/code> is throwing a certificate error. The cert was never going to cover it. If you need second-level subdomains secured, you&#8217;ll need either a separate certificate for each, or a multi-domain (SAN) certificate that lists them explicitly.<\/p>\n<h2>Wildcard SSL vs. Standard SSL vs. Multi-Domain SSL<\/h2>\n<p>Here&#8217;s a quick comparison so you can choose the right certificate type for your setup:<\/p>\n<ul>\n<li><strong>Standard (single-domain) SSL<\/strong> \u2014 covers one domain or subdomain only. Cheapest option. Right for a single site.<\/li>\n<li><strong>Wildcard SSL<\/strong> \u2014 covers one domain and all its first-level subdomains. Best when you have or expect multiple subdomains under one root domain.<\/li>\n<li><strong>Multi-domain (SAN) SSL<\/strong> \u2014 covers a specific list of domains and subdomains you define at issuance. More flexible but requires reissuance every time you add a new domain. Good for agencies managing different client domains on one server.<\/li>\n<\/ul>\n<p>If you&#8217;re hosting several distinct websites on a <a href=\"https:\/\/www.hostandtech.com\/shared-hosting\/\">Shared Hosting<\/a> plan, a standard SSL per domain is usually sufficient. If you&#8217;re on one of our VPS plans and running a multi-tenant SaaS or e-commerce platform with customer subdomains, a wildcard cert is almost always the smarter call.<\/p>\n<h2>Requesting a Wildcard SSL Certificate<\/h2>\n<h3>Option 1: Let&#8217;s Encrypt via Certbot (Command Line)<\/h3>\n<p>Let&#8217;s Encrypt supports wildcard certificates, but they require DNS-01 challenge validation \u2014 you can&#8217;t use the standard HTTP challenge for wildcards. This means you need to add a TXT record to your DNS zone to prove domain ownership.<\/p>\n<ol>\n<li>\n<p>Run the following command to request a wildcard certificate with manual DNS validation:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-1\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-1'><code class=\"\" data-line=\"\">sudo certbot certonly \n  --manual \n  --preferred-challenges dns \n  -d example.com \n  -d &quot;*.example.com&quot;<\/code><\/pre>\n<\/div>\n<p>Including both <code class=\"\" data-line=\"\">example.com<\/code> and <code class=\"\" data-line=\"\">*.example.com<\/code> ensures your root domain is also secured \u2014 otherwise it won&#8217;t be.<\/p>\n<\/li>\n<li>\n<p>Certbot will pause and ask you to create a DNS TXT record like this:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-2\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-2'><code class=\"\" data-line=\"\">Please deploy a DNS TXT record under the name:\n_acme-challenge.example.com\nwith the following value:\naBcDeFgHiJkLmNoPqRsTuVwXyZ1234567890abcde<\/code><\/pre>\n<\/div>\n<p>Log into your DNS provider and add that exact TXT record before pressing Enter to continue.<\/p>\n<\/li>\n<li>\n<p>Wait for DNS to propagate. You can check propagation with:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-3\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-3'><code class=\"\" data-line=\"\">dig TXT _acme-challenge.example.com +short<\/code><\/pre>\n<\/div>\n<p>Once it returns the correct value, go back to the Certbot prompt and confirm.<\/p>\n<\/li>\n<li>\n<p>Your certificate files will be saved to:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-4\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-4'><code class=\"\" data-line=\"\">\/etc\/letsencrypt\/live\/example.com\/fullchain.pem\n\/etc\/letsencrypt\/live\/example.com\/privkey.pem<\/code><\/pre>\n<\/div>\n<\/li>\n<\/ol>\n<p>\u26a0 <strong>Warning:<\/strong> Let&#8217;s Encrypt wildcard certificates expire every 90 days. Manual DNS validation doesn&#8217;t support automated renewal \u2014 you&#8217;ll need to set up a DNS plugin for your provider (e.g., Certbot&#8217;s Cloudflare or Route53 plugins) to automate this. If you forget to renew, all your subdomains go down at once. That&#8217;s a painful lesson.<\/p>\n<h3>Option 2: Installing a Wildcard Certificate in cPanel \/ WHM<\/h3>\n<p>If you purchased a wildcard certificate from a commercial CA (e.g., Sectigo, DigiCert), you&#8217;ll have a certificate file, a private key, and usually a CA bundle.<\/p>\n<ol>\n<li>Log into <strong>WHM<\/strong> as root or reseller.<\/li>\n<li>Navigate to <strong>SSL\/TLS<\/strong> &gt; <strong>Install an SSL Certificate on a Domain<\/strong>.<\/li>\n<li>In the <strong>Domain<\/strong> field, enter your root domain: <code class=\"\" data-line=\"\">example.com<\/code>.<\/li>\n<li>Paste your certificate contents into the <strong>Certificate (CRT)<\/strong> field.<\/li>\n<li>Paste your private key into the <strong>Private Key (KEY)<\/strong> field.<\/li>\n<li>Paste the CA bundle into the <strong>Certificate Authority Bundle (CABUNDLE)<\/strong> field.<\/li>\n<li>Click <strong>Install Certificate<\/strong>.<\/li>\n<\/ol>\n<p>\ud83d\udcdd <strong>Note:<\/strong> In cPanel, a wildcard cert installed on the root domain does not automatically apply to subdomains that have their own dedicated IP or Apache VirtualHost entries. Each subdomain&#8217;s VirtualHost needs to reference the same certificate, or you&#8217;ll still see errors on those subdomains. In WHM, you can use <strong>Manage SSL Hosts<\/strong> to verify which domains are actually using the cert.<\/p>\n<h3>Option 3: Plesk<\/h3>\n<ol>\n<li>Go to <strong>Domains<\/strong> &gt; select your domain &gt; <strong>SSL\/TLS Certificates<\/strong>.<\/li>\n<li>Click <strong>Add SSL\/TLS Certificate<\/strong>.<\/li>\n<li>Enter a name (e.g., <code class=\"\" data-line=\"\">wildcard-example-com<\/code>), paste your certificate, private key, and CA certificate into their respective fields.<\/li>\n<li>Click <strong>Upload Certificate<\/strong>.<\/li>\n<li>Return to the domain&#8217;s <strong>Hosting Settings<\/strong> and select this certificate from the SSL\/TLS dropdown.<\/li>\n<\/ol>\n<h2>Common Issues and Troubleshooting<\/h2>\n<h3>Second-Level Subdomains Show a Certificate Error<\/h3>\n<p><strong>Symptom:<\/strong> <code class=\"\" data-line=\"\">dev.api.example.com<\/code> throws a <code class=\"\" data-line=\"\">NET::ERR_CERT_COMMON_NAME_INVALID<\/code> error even though the wildcard is installed.<\/p>\n<p><strong>Cause:<\/strong> Your wildcard cert (<code class=\"\" data-line=\"\">*.example.com<\/code>) only covers one subdomain level. <code class=\"\" data-line=\"\">dev.api.example.com<\/code> is two levels deep and simply isn&#8217;t in scope.<\/p>\n<p><strong>Fix:<\/strong> Either restructure your subdomain naming (e.g., <code class=\"\" data-line=\"\">dev-api.example.com<\/code> instead), or obtain a separate certificate for <code class=\"\" data-line=\"\">*.api.example.com<\/code> \u2014 yes, wildcards can exist at deeper levels, you just need a separate cert for each level.<\/p>\n<h3>Root Domain Not Covered by the Wildcard<\/h3>\n<p><strong>Symptom:<\/strong> <code class=\"\" data-line=\"\">www.example.com<\/code> loads fine over HTTPS but <code class=\"\" data-line=\"\">example.com<\/code> shows a certificate warning.<\/p>\n<p><strong>Cause:<\/strong> <code class=\"\" data-line=\"\">*.example.com<\/code> does not automatically include the apex domain <code class=\"\" data-line=\"\">example.com<\/code>. These are technically separate entries.<\/p>\n<p><strong>Fix:<\/strong> When requesting your certificate, always include both <code class=\"\" data-line=\"\">example.com<\/code> and <code class=\"\" data-line=\"\">*.example.com<\/code> as SANs. For Let&#8217;s Encrypt, pass both <code class=\"\" data-line=\"\">-d example.com -d &quot;*.example.com&quot;<\/code> in the Certbot command. For commercial CAs, check at order time \u2014 most include the root domain automatically, but confirm before you pay.<\/p>\n<h3>Let&#8217;s Encrypt Wildcard Won&#8217;t Auto-Renew<\/h3>\n<p><strong>Symptom:<\/strong> The certificate expires and your cron job didn&#8217;t renew it automatically.<\/p>\n<p><strong>Cause:<\/strong> Wildcard renewal via Let&#8217;s Encrypt requires DNS-01 challenge, which can&#8217;t be fully automated without a DNS API plugin. If you set up the cert manually, there&#8217;s no way for Certbot to complete DNS validation unattended.<\/p>\n<p><strong>Fix:<\/strong> Install the appropriate Certbot DNS plugin for your DNS provider. For Cloudflare:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-5\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-5'><code class=\"\" data-line=\"\">sudo pip install certbot-dns-cloudflare\nsudo certbot renew --dns-cloudflare --dns-cloudflare-credentials ~\/.secrets\/cloudflare.ini<\/code><\/pre>\n<\/div>\n<p>Then add <code class=\"\" data-line=\"\">certbot renew<\/code> to a cron job or systemd timer. Check Certbot&#8217;s documentation for a full list of supported DNS plugins.<\/p>\n<h3>Mixed Content Warnings After Installing Wildcard SSL<\/h3>\n<p><strong>Symptom:<\/strong> The padlock icon appears broken or shows a warning in the browser even though the cert is installed correctly.<\/p>\n<p><strong>Cause:<\/strong> The certificate is fine \u2014 the problem is that your page is loading some resources (images, scripts, stylesheets) over HTTP instead of HTTPS. This is a content issue, not a certificate issue.<\/p>\n<p><strong>Fix:<\/strong> Use your browser&#8217;s developer tools (F12 &gt; Console) to identify which URLs are loading over HTTP. Update them to HTTPS. For WordPress sites, the Really Simple SSL plugin or a search-and-replace in the database usually clears this up quickly.<\/p>\n<h3>Certificate Not Applying to All Subdomains on Apache<\/h3>\n<p><strong>Symptom:<\/strong> Some subdomains still show the old certificate or the hosting provider&#8217;s default certificate.<\/p>\n<p><strong>Cause:<\/strong> Each subdomain with its own VirtualHost block in Apache needs to explicitly reference the wildcard certificate. Apache won&#8217;t automatically pick up a cert installed on the parent domain.<\/p>\n<p><strong>Fix:<\/strong> Edit the VirtualHost block for each subdomain and add the correct certificate paths:<\/p>\n<div class='ht-code-snippet'><button class='ht-code-snippet__copy' onclick='htCopyCode(\"code-block-6\")' type='button' aria-label='Copy code'><svg class='ht-copy-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M28,10V28H10V10H28m0-2H10a2,2,0,0,0-2,2V28a2,2,0,0,0,2,2H28a2,2,0,0,0,2-2V10a2,2,0,0,0-2-2Z'><\/path><path d='M4,18H2V4A2,2,0,0,1,4,2H18V4H4Z'><\/path><\/svg><svg class='ht-check-icon' viewBox='0 0 32 32' width='16' height='16' fill='currentColor'><path d='M13,24l-9-9,1.414-1.414L13,21.171,26.586,7.586,28,9Z'><\/path><\/svg><\/button><span class='ht-code-snippet__feedback'>Copied to clipboard<\/span><\/p>\n<pre class='ht-code-snippet__code' id='code-block-6'><code class=\"\" data-line=\"\">SSLCertificateFile \/etc\/letsencrypt\/live\/example.com\/fullchain.pem\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/example.com\/privkey.pem<\/code><\/pre>\n<\/div>\n<p>Then reload Apache: <code class=\"\" data-line=\"\">sudo systemctl reload apache2<\/code><\/p>\n<h2>FAQ<\/h2>\n<div class='ht-faq-section'>\n<h2>Frequently Asked Questions<\/h2>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>Does a wildcard SSL certificate cover the root domain?<\/h3>\n<div class='ht-faq-answer'>\n<p>Not automatically. A wildcard cert for *.example.com covers subdomains, but example.com itself is a separate entry. Most commercial CAs include the root domain as a SAN when you purchase a wildcard cert, but you should confirm this before buying. With Let&#8217;s Encrypt and Certbot, you need to explicitly pass both -d example.com and -d *.example.com when requesting the certificate.<\/p>\n<\/div>\n<\/div>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>Can I use one wildcard SSL for multiple different domains?<\/h3>\n<div class='ht-faq-answer'>\n<p>No. A wildcard SSL covers one root domain and its subdomains only. If you need to secure multiple different domains (e.g., example.com and anotherdomain.com), you need either separate certificates for each, or a multi-domain (SAN) certificate that lists all the domains you want to cover.<\/p>\n<\/div>\n<\/div>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>Are wildcard SSL certificates free with Let&#039;s Encrypt?<\/h3>\n<div class='ht-faq-answer'>\n<p>Yes, Let&#8217;s Encrypt issues wildcard certificates at no cost. The trade-off is that they expire every 90 days and require DNS-01 challenge validation, which means you&#8217;ll need a DNS API plugin to automate renewals. If automated DNS validation isn&#8217;t an option in your setup, a paid commercial wildcard cert with a longer validity period is often more practical.<\/p>\n<\/div>\n<\/div>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>How many subdomains can a wildcard SSL certificate cover?<\/h3>\n<div class='ht-faq-answer'>\n<p>There&#8217;s no fixed limit on the number of subdomains \u2014 you can add as many first-level subdomains as your infrastructure requires, and they&#8217;ll all be covered by one wildcard cert. The restriction is on subdomain depth, not quantity. Any new first-level subdomain you create will be covered without any changes to the certificate.<\/p>\n<\/div>\n<\/div>\n<div class='ht-faq-item'>\n<h3 class='ht-faq-question'>Can I use a wildcard SSL on a shared hosting plan?<\/h3>\n<div class='ht-faq-answer'>\n<p>It depends on the hosting provider and plan. Some shared hosting environments limit SSL management or only support Let&#8217;s Encrypt via AutoSSL. On Host &#038; Tech shared hosting plans, AutoSSL handles SSL automatically per domain and subdomain, which often makes wildcard certs unnecessary. If you need more control over SSL configuration, a VPS or dedicated server gives you full access to manage certificates exactly as you want.<\/p>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A wildcard SSL certificate secures a domain and all its first-level subdomains under a single certificate. If you&#8217;re running multiple subdomains and tired of managing separate certificates, here&#8217;s what you need to know before buying one.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[79],"tags":[81,103,162,161,83,160,164,163],"class_list":["post-135","post","type-post","status-publish","format-standard","hentry","category-ssl","tag-https","tag-ssl-certificate","tag-ssl-installation","tag-subdomain-ssl","tag-tls","tag-wildcard-ssl","tag-wildcard-ssl-certificates-explained","tag-wildcard-ssl-certificates-explained-what-they-cover-what-they-dont-and-when-to-use-one"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Wildcard SSL Certificates Explained: What They Cover, What They Don&#039;t, and When to Use One<\/title>\n<meta name=\"description\" content=\"Learn what a wildcard SSL certificate covers, how it differs from standard SSL, and when it makes sense for your hosting setup. Practical guidance for all skill levels.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Wildcard SSL Certificates Explained: What They Cover, What They Don&#039;t, and When to Use One\" \/>\n<meta property=\"og:description\" content=\"Learn what a wildcard SSL certificate covers, how it differs from standard SSL, and when it makes sense for your hosting setup. Practical guidance for all skill levels.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/\" \/>\n<meta property=\"og:site_name\" content=\"Host And Tech knowledge base\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/stshostandtech\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-26T21:42:23+00:00\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:site\" content=\"@stshostandtech\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"9 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/ssl\\\/wildcard-ssl-certificates-explained\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/ssl\\\/wildcard-ssl-certificates-explained\\\/\"},\"author\":{\"name\":\"admin\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\"},\"headline\":\"Wildcard SSL Certificates Explained: What They Cover, What They Don&#8217;t, and When to Use One\",\"datePublished\":\"2026-05-26T21:42:23+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/ssl\\\/wildcard-ssl-certificates-explained\\\/\"},\"wordCount\":1693,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"keywords\":[\"https\",\"ssl certificate\",\"SSL installation\",\"subdomain SSL\",\"tls\",\"wildcard SSL\",\"Wildcard SSL Certificates Explained\",\"Wildcard SSL Certificates Explained: What They Cover, What They Don't, and When to Use One\"],\"articleSection\":[\"SSL &amp; HTTPS\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/ssl\\\/wildcard-ssl-certificates-explained\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/ssl\\\/wildcard-ssl-certificates-explained\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/ssl\\\/wildcard-ssl-certificates-explained\\\/\",\"name\":\"Wildcard SSL Certificates Explained: What They Cover, What They Don't, and When to Use One\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\"},\"datePublished\":\"2026-05-26T21:42:23+00:00\",\"description\":\"Learn what a wildcard SSL certificate covers, how it differs from standard SSL, and when it makes sense for your hosting setup. Practical guidance for all skill levels.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/ssl\\\/wildcard-ssl-certificates-explained\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/hostandtech.com\\\/kb\\\/ssl\\\/wildcard-ssl-certificates-explained\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/ssl\\\/wildcard-ssl-certificates-explained\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Wildcard SSL Certificates Explained: What They Cover, What They Don&#8217;t, and When to Use One\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#website\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"name\":\"Host And Tech knowledge base\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#organization\",\"name\":\"Host And Tech knowledge base\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"contentUrl\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/wp-content\\\/uploads\\\/2026\\\/05\\\/logo-dark.png\",\"width\":1134,\"height\":395,\"caption\":\"Host And Tech knowledge base\"},\"image\":{\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/stshostandtech\",\"https:\\\/\\\/x.com\\\/stshostandtech\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/#\\\/schema\\\/person\\\/b6fa79c48ddaba71af32e395c5b017ee\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g\",\"caption\":\"admin\"},\"sameAs\":[\"https:\\\/\\\/hostandtech.com\\\/kb\"],\"url\":\"https:\\\/\\\/hostandtech.com\\\/kb\\\/author\\\/admin_fjj7qydm\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Wildcard SSL Certificates Explained: What They Cover, What They Don't, and When to Use One","description":"Learn what a wildcard SSL certificate covers, how it differs from standard SSL, and when it makes sense for your hosting setup. Practical guidance for all skill levels.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/","og_locale":"en_US","og_type":"article","og_title":"Wildcard SSL Certificates Explained: What They Cover, What They Don't, and When to Use One","og_description":"Learn what a wildcard SSL certificate covers, how it differs from standard SSL, and when it makes sense for your hosting setup. Practical guidance for all skill levels.","og_url":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/","og_site_name":"Host And Tech knowledge base","article_publisher":"https:\/\/www.facebook.com\/stshostandtech","article_published_time":"2026-05-26T21:42:23+00:00","author":"admin","twitter_card":"summary_large_image","twitter_creator":"@stshostandtech","twitter_site":"@stshostandtech","twitter_misc":{"Written by":"admin","Est. reading time":"9 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/#article","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/"},"author":{"name":"admin","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee"},"headline":"Wildcard SSL Certificates Explained: What They Cover, What They Don&#8217;t, and When to Use One","datePublished":"2026-05-26T21:42:23+00:00","mainEntityOfPage":{"@id":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/"},"wordCount":1693,"commentCount":0,"publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"keywords":["https","ssl certificate","SSL installation","subdomain SSL","tls","wildcard SSL","Wildcard SSL Certificates Explained","Wildcard SSL Certificates Explained: What They Cover, What They Don't, and When to Use One"],"articleSection":["SSL &amp; HTTPS"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/","url":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/","name":"Wildcard SSL Certificates Explained: What They Cover, What They Don't, and When to Use One","isPartOf":{"@id":"https:\/\/hostandtech.com\/kb\/#website"},"datePublished":"2026-05-26T21:42:23+00:00","description":"Learn what a wildcard SSL certificate covers, how it differs from standard SSL, and when it makes sense for your hosting setup. Practical guidance for all skill levels.","breadcrumb":{"@id":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hostandtech.com\/kb\/ssl\/wildcard-ssl-certificates-explained\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hostandtech.com\/kb\/"},{"@type":"ListItem","position":2,"name":"Wildcard SSL Certificates Explained: What They Cover, What They Don&#8217;t, and When to Use One"}]},{"@type":"WebSite","@id":"https:\/\/hostandtech.com\/kb\/#website","url":"https:\/\/hostandtech.com\/kb\/","name":"Host And Tech knowledge base","description":"","publisher":{"@id":"https:\/\/hostandtech.com\/kb\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hostandtech.com\/kb\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/hostandtech.com\/kb\/#organization","name":"Host And Tech knowledge base","url":"https:\/\/hostandtech.com\/kb\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/","url":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","contentUrl":"https:\/\/hostandtech.com\/kb\/wp-content\/uploads\/2026\/05\/logo-dark.png","width":1134,"height":395,"caption":"Host And Tech knowledge base"},"image":{"@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/stshostandtech","https:\/\/x.com\/stshostandtech"]},{"@type":"Person","@id":"https:\/\/hostandtech.com\/kb\/#\/schema\/person\/b6fa79c48ddaba71af32e395c5b017ee","name":"admin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/aa1edac8bbadb442e059a5b65ad45a3b2e3ce689202373b96e3e567517ae4b39?s=96&d=mm&r=g","caption":"admin"},"sameAs":["https:\/\/hostandtech.com\/kb"],"url":"https:\/\/hostandtech.com\/kb\/author\/admin_fjj7qydm\/"}]}},"_links":{"self":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/135","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/comments?post=135"}],"version-history":[{"count":0,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/posts\/135\/revisions"}],"wp:attachment":[{"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/media?parent=135"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/categories?post=135"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hostandtech.com\/kb\/wp-json\/wp\/v2\/tags?post=135"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}