Wildcard SSL certificate for subdomains (branch subdomains)

Hi all,

I followed this guide and I see that the Let’s Encrypt certificates are not generated automatically even though I see all subdomains in dns settings https://app.netlify.com/teams/myteam/dns/mysite. Is there a way to provision those automatically, or I have to ping support every time?

Thanks in advance!

If you are using Netlify DNS, the Let’s Encrypt SSL certificates are updated automatically.

If you are using external DNS, then the SSL certificate is not updated automatically which is what the guide you linked to is about.

If you are still seeing this issue, please let us know the name (or API ID) of the affected site.

You can private message (PM) that to one of our support staff and I’ve confirmed that PMs are enabled for your community login. Note, that only one person can see the PM and this will likely mean a slower reply than posting the information publicly. Please feel free to reply to however you prefer though.

Hi, @curiouscat. I do see that a Netlify DNS configuration was created for the custom domain you sent via private message (PM).

Note, that custom domain isn’t actually using Netlify DNS. Please delete the domain configuration at Netlify under Account > Domains > “Domain name here” (or activate it instead if you prefer).

Leaving inactive DNS zones is not recommended or supported. It is known to cause a variety of issues, particularly around the automatic SSL certificates from Let’s Encrypt.

Once the DNS zone is deleted, the support guide instructions will work. After deploying the branch and creating the required DNS records (with the actual DNS service not Netlify DNS), please let us know and we can get the SSL certificate extended to include the branch subdomain.

This process is required for each custom domain and must be repeated each time a branch subdomain is added. The alternatives to this process are to use Netlify DNS (and then the branch subdomains are automatic) or to upload your own SSL certificate.

If there are other questions or if the DNS is ready for us to extend the SSL certificate, please let us know.