Alibaba Cloud Certificate Management Service supports wildcard certificates. You can install a wildcard certificate on a server to protect a primary domain name and all its subdomains at the same level. Both domain validated (DV) and organization validated (OV) certificates support wildcard domain names.
If your server hosts multiple subdomains at the same level, you need to only purchase and install one wildcard certificate. You do not need to purchase or install a certificate for each subdomain.
When you purchase a wildcard certificate, take note of the following rules that are used to match the subdomains of a wildcard domain name:
Only subdomains at the same level can be matched. Subdomains at different levels cannot be matched. For example, if you bind *.aliyundoc.com to a certificate, subdomains such as demo.aliyundoc.com and learn.aliyundoc.com are matched. Subdomains such as guide.demo.aliyundoc.com and developer.demo.aliyundoc.com are not matched.
If the primary domain name of a wildcard domain name is a first-level domain name, the certificate bound to the wildcard domain name is automatically applied to the primary domain name free of charge. This rule does not apply to Alibaba Cloud certificates. For example, if you apply for a certificate bound to *.aliyundoc.com, the certificate is automatically applied to aliyundoc.com free of charge. If you apply for a certificate bound to *.demo.aliyundoc.com, the certificate is not applied to demo.aliyundoc.com or aliyundoc.com domain name free of charge.
You can apply for a certificate bound to one wildcard domain name. You cannot apply for a certificate bound to multiple wildcard domain names. If you want to bind multiple wildcard domain names to a certificate, you can combine multiple certificates of the same brand and type to generate a multi-domain wildcard certificate. For more information, see Combine certificates.
If you want to bind both single and wildcard domain names such as *.aliyundoc.com and demo.example.com to a certificate, you can combine multiple certificates of the same brand and type to generate a hybrid certificate.