- Plesk for Linux
- Plesk for Windows
The SSL certificate is created for '*.example.com'.
Why does wildcard SSL certificate cause a domain mismatch error on a second level subdomain like 'subdomain.subdomain.example.com'?
It is expected behavior.
RFC 2818 in "3.1. Server Identity" states that:
CONFIG_TEXT: Names may contain the wildcard character '*' which is considered to match any single domain name component or component fragment. E.g., '*.a.com' matches 'foo.a.com' but not 'bar.foo.a.com'.
The asterisk can only stand in for one field in the name submitted to the CA, and the certificate can contain only one asterisk, therefore it is not possible to cover two-level subdomain, such as 'subdomain.subdomain.example.com' by the same certificate as 'example.com'.
As a workarround add subdomain.example.com as a domain in plesk, then it is possible to create there a new wildcard for *.subdomain.example.com