Wildcard SSL certificate for several subdomains on same IP Address

I haven't set one up in a while, but if correctly installed then yes a wildcard cert is valid for all subdomains.

 

Hello cPanelMichael,

I'm also looking into installing a wildcard SSL cert on my cPanel server (Centos 7). I would like to install that wildcard cert once and have it work for all subdomains under my main domain. I was also told by a server admin that it needed to be installed manually for each subdomain, but reading the following thread in which you responded:
Wildcard SSL certificate on wildcard subdomain (reference your reply to user "vanessa")
it sounds like it may be possible to create a wildcard DNS entry for "*" in my main domain's DNS and install the wildcard cert once to cover all subdomains.

Can you clarify if this is indeed possible, and if so, provide additional detail regarding the specific installation steps necessary to have a *single installation* of a wildcard cert work for all current and future subdomains of the main domain?
Thanks!

 

AutoSSL looks very intriguing, but now I have some additional questions about this feature:

From what I read, it seems that it will only automatically install a new SSL cert if there is already an expiring one on that account, correct? If this is not the case, will AutoSSL actually generate/install a new SSL cert for all accounts (up to it's limits) after it is enabled, even accounts that don't currently have an SSL cert installed on them?

It appears there are limits (200 for cPanel-provided certs) to the number of domains that can be provided with a free certificate. What about 300 subdomains using the same wildcard cert? Would that count as one cert or is it based on the number of installations?
Is there an option to tell AutoSSL to use a single wildcard cert for all subdomain accounts rather than to generate a new cert?
What if I already have a valid wildcard cert? Can AutoSSL use that to avoid hitting its limit?

Are the free certs from cPanel/AutoSSL "self-signed" or will they be natively recognized by most major browsers?

Thanks!

 

Thanks for the quick and thorough response! I guess my use case (600+ accounts with about 400+ using subdomains (rather than registered domains) for their account, I would have trouble if I enabled it as it would hit its limit due to trying to install all the subdomains from new, individually-generated certs for each one.

So even though AutoSSL won't issue a new wildcard cert, is there a way to have it use the valid wildcard cert I already installed on one of my subdomains (to test it)?

 

Thanks. I have written cPanel API code before so I could generate a script that installs my cert on the subdomain accounts initially.

But I imagine I'll still run into trouble when it expires, as AutoSSL will generate a new cert for the first 200 subdomains and then stop updating, leaving me with some accounts up to date, and others expired, with potentially no easy way to determine quickly which ones were not updated successfully due to the limit.