Alibaba Cloud Certificate Management Service supports wildcard certificates. You can install a wildcard certificate on a server to protect a primary domain name and all its subdomains at the same level. Both domain validated (DV) and organization validated (OV) certificates support wildcard domain names.
If your server hosts multiple subdomains at the same level, you need to only purchase and install one wildcard certificate. You do not need to purchase or install a certificate for each subdomain.
When you purchase a wildcard certificate, take note of the following rules that are used to match the subdomains of a wildcard domain name:
A wildcard certificate supports only subdomains at the same level. For example, if you bind a wildcard certificate to the domain name *.aliyundoc.com, the wildcard certificate supports subdomains at the same level, such as demo.aliyundoc.com, learn.aliyundoc.com, and example.aliyundoc.com. The wildcard certificate does not support subdomains at different levels, such as guide.demo.aliyundoc.com and developer.demo.aliyundoc.com.
If you bind a wildcard certificate to a first-level domain name, the certificate is automatically assigned to the parent domain name of the domain name free of charge. This rule does not apply to Alibaba Cloud certificates. For example, if you bind the wildcard domain name *.aliyundoc.com to a certificate, the certificate is automatically assigned to the parent domain name aliyundoc.com free of charge. If you bind the wildcard domain name *.demo.aliyundoc.com to a certificate, the certificate is not automatically assigned to the domain name demo.aliyundoc.com or aliyundoc.com free of charge.
Certificate Management Service allows you to apply only for a wildcard certificate to which a single wildcard domain name is bound. You cannot apply for a multi-domain wildcard certificate. If you want to bind multiple wildcard domain names to a certificate, you can combine multiple certificates of the same brand and type to generate a multi-domain wildcard certificate. For more information, see Combine certificates.
NoteIf you want to bind both single and wildcard domain names such as *.aliyundoc.com and demo.example.com to a certificate, you can combine multiple certificates of the same brand and type to generate a hybrid certificate. For more information, see Combine certificates.