Let’s Encrypt Wildcard

Updated on Apr 30, 2024


This part of our tutorial is outdated. The Let's Encrypt plugin for cPanel has been discontinued and is no longer available. All Let's Encrypt certificates are now handled by AutoSSL. For more information, please read our blog post on the topic.

A wildcard certificate is an SSL certificate valid for all of a domain’s subdomains. It eliminates the necessity to install an SSL certificate on each subdomain individually. It can be identified by an asterisk in front of the domain it was issued on. For example, *.domain.com.

The majority of users do not need a wildcard certificate. However, they can be useful in situations like these:

  • You have a lot of subdomains;
  • In a multi-site structure when you have to assign an SSL certificate to every subdomain;
  • You create new subdomains often;
  • You are using a wildcard DNS record and need to protect all possible domains using SSL.

Unless your requirements resemble one or more of those listed above, we recommend you stick to non-wildcard certificates. They are simpler, faster to issue, and safer to manage.



There are two criteria that must be met so the installation of the wildcard certificate will be successful.

  • DNS Validation - The SSL validation method has to be DNS-01;
  • DNS Configuration - The domain which will be receiving the wildcard certificate must point to the server issuing it via Nameservers. That is because the server must create a TXT record to demonstrate control of your domain.

How to Issue a Wildcard Certificate

The steps for issuing a wildcard certificate are very similar to the steps for a normal certificate.

  • Open the Lets Encrypt SSL interface in your cPanel account;
  • In the Issue a new certificate section click +Issue next to your desired domain;
  • Select which domains you would like wildcards for from the Include Wildcard*? column. Tick the domains you want to be included. Then select the DNS-01 validation method;

  • Click Issue.

If you experience a failure, please double-check that your domain is using the Nameservers of the hosting service the issuing Let’s Encrypt is on, rather than being externally hosted (such as on Cloudflare).


Sharing Wildcards Between Subdomains

Sometimes you will want to share a single wildcard certificate between many subdomains without having to re-issue the certificate to the main domain. This is handy if you already have a wildcard certificate issued, but you add a new subdomain and want to expand the wildcard certificate's coverage to it as well. You can do this the following way:

  • Issue a wildcard certificate to your primary domain if it does not have one yet;
  • For each subdomain that should use that certificate as well go to the interface for issuing a new certificate and find If you would instead like to re-use an existing certificate from another virtual host, click here at the bottom of the page;

  • Click the link and on the next page you can select the certificate that was already installed on the main domain;

  • Click Install.

Using this particular functionality of Let's Encrypt will save you a lot of time and effort. With this you can add subdomains to the wildcard SSL certificate without having to reissue it over and over. 

On this page...

    High Security Hosting

    • Network Firewall
    • Web Application Firewall
    • Brute-force Protection
    • Exploits and Malware Protect
    • CageFS Security
    • ModSecurity Manager
    View More