Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
Why do wildcard certificates cause a name mismatch on second level subdomains?
For example, a certificate for *.example.com doesn't protect subdomain.subdomain.example.com.
Answer
This is normal behavior, as defined in RFC 2818, 3.1. Server Identity:
Names may contain the wildcard character '*' which is considered to match any single domain name component or component fragment. E.g., '*.a.com' matches 'foo.a.com' but not 'bar.foo.a.com'.
In other words, the asterisk can only stand for one field, and the certificate can only have one asterisk. That means the same certificate for example.com can't cover a two-level subdomain like subdomain.subdomain.example.com.
Workaround
As a workaround, create a wildcard certificate for the first level of the subdomain:
- Add subdomain.example.com with the Add Domain button (not the Add Subdomain button): How to add a domain in Plesk
- Issue a wildcard certificate for subdomain.example.com
The new certificate will cover the second level subdomain.
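The matching rule and the workaround above, as an added example that is not part of the original article or Plesk's own code. The two certificate name lists are constructed and assume each wildcard certificate carries its base name plus the wildcard name.

```python
import re


def label_matches(pattern_label: str, host_label: str) -> bool:
    """Match one DNS label; '*' stands for any run of characters inside that label."""
    regex = ".*".join(re.escape(part) for part in pattern_label.split("*"))
    return re.fullmatch(regex, host_label, re.IGNORECASE) is not None


def name_matches(pattern: str, hostname: str) -> bool:
    """True if a certificate name covers hostname under the RFC 2818 rule quoted above.

    Real TLS clients may apply stricter rules than this wording.
    """
    p_labels = pattern.rstrip(".").split(".")
    h_labels = hostname.rstrip(".").split(".")
    # A wildcard never spans a dot, so both names need the same number of labels.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    return all(label_matches(p, h) for p, h in zip(p_labels, h_labels))


def covering_names(cert_names, hostname):
    """Return the certificate names that cover hostname (empty list = name mismatch)."""
    return [name for name in cert_names if name_matches(name, hostname)]


# Constructed name lists (assumption: base name + wildcard name per certificate).
PARENT_CERT = ["example.com", "*.example.com"]
WORKAROUND_CERT = ["subdomain.example.com", "*.subdomain.example.com"]

if __name__ == "__main__":
    hosts = ("subdomain.example.com", "subdomain.subdomain.example.com")
    for label, names in (("parent", PARENT_CERT), ("workaround", WORKAROUND_CERT)):
        for host in hosts:
            hit = covering_names(names, host)
            print(f"{label:10} {host:34} {'covered by ' + hit[0] if hit else 'NAME MISMATCH'}")
```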