Facebook Pixel

Should I use a wildcard or SAN certificate?

Use a wildcard if you have many subdomains or plan to add more in the future (no re-issue needed). Use a SAN if you have a fixed number of subdomains and want more security (each domain is explicitly listed). Both are free with Let's Encrypt.

Verify This Answer

Cross-check this information using these trusted sources:

More FAQs in Wildcard SSL and SAN Certificates Securing Multiple Subdomains with One Certificate

A wildcard certificate (*.yourdomain.com) covers a domain and all its first-level subdomains (api, app, admin, www, etc.) with a single certificate. It does NOT cover the root domain (yourdomain.com) unless explicitly included, or second-level subdomains (sub.api.yourdomain.com).

A SAN (Subject Alternative Name) certificate lists multiple specific domains explicitly (yourdomain.com, www.yourdomain.com, api.yourdomain.com). It's more secure than a wildcard but requires re-issuing when adding new subdomains.

Use sudo certbot certonly --manual --preferred-challenges dns -d *.yourdomain.com -d yourdomain.com. This requires DNS-01 challenge you add a TXT record (_acme-challenge) to your DNS. For automation, use the certbot-dns-cloudflare plugin with your Cloudflare API token.

Still have questions?

Browse all our FAQs or reach out to our support team

Want to upskill yourself?

Our courses are taking a Coffee break, but your curiosity shouldn't. Stay engaged with namastedev linkedin, youtube, discord and other resources while you wait.

0