What is a SAN certificate?
A SAN (Subject Alternative Name) certificate lists multiple specific domains explicitly (yourdomain.com, www.yourdomain.com, api.yourdomain.com). It's more secure than a wildcard but requires re-issuing when adding new subdomains.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Wildcard SSL and SAN Certificates Securing Multiple Subdomains with One Certificate
A wildcard certificate (*.yourdomain.com) covers a domain and all its first-level subdomains (api, app, admin, www, etc.) with a single certificate. It does NOT cover the root domain (yourdomain.com) unless explicitly included, or second-level subdomains (sub.api.yourdomain.com).
Use sudo certbot certonly --manual --preferred-challenges dns -d *.yourdomain.com -d yourdomain.com. This requires DNS-01 challenge you add a TXT record (_acme-challenge) to your DNS. For automation, use the certbot-dns-cloudflare plugin with your Cloudflare API token.
Install certbot-dns-cloudflare, create a credentials file with your Cloudflare API token, then run certbot with --dns-cloudflare --dns-cloudflare-credentials. Certbot automatically adds and removes TXT records via the API during renewal.
Still have questions?
Browse all our FAQs or reach out to our support team
