SSL certificates are essential for every website - they encrypt data between your visitor and your server and display the padlock icon that signals a secure connection. Most websites need one certificate for one domain. But what happens when you run multiple subdomains? That is where wildcard SSL certificates come in.
What Is a Wildcard SSL Certificate?
A wildcard SSL certificate secures a domain and all of its first-level subdomains using a single certificate. The wildcard character (an asterisk) in the certificate name represents any subdomain. For example, a wildcard certificate for *.example.ca would secure:
www.example.cablog.example.cashop.example.caapp.example.camail.example.ca- Any other subdomain you create
One certificate. One renewal date. All subdomains covered automatically, including ones you create after installing the certificate.
The Three Certificate Types Compared
Single-domain (standard) SSL covers exactly one domain or subdomain. A certificate for example.ca secures example.ca and typically www.example.ca, but nothing else.
Wildcard SSL covers the main domain and all first-level subdomains (the * position). It does not cover the root domain alone if that is a separate record, and it does not cover second-level wildcard patterns like *.app.example.ca - those require a separate wildcard certificate.
Multi-domain (SAN) SSL covers a specific list of domains and subdomains - potentially across completely different domain names. A single SAN certificate could cover example.ca, example.com, and shopname.ca simultaneously. These are useful for organizations managing multiple distinct domain names.
When Do You Need a Wildcard Certificate?
Wildcard certificates make sense when you run multiple subdomains that all need HTTPS. Common examples:
shop.yourcompany.cafor an e-commerce storeblog.yourcompany.cafor a WordPress blogapp.yourcompany.cafor a client portal or web applicationbooking.yourcompany.cafor an appointment systemmail.yourcompany.cafor a mail server
If you currently have or plan to have three or more SSL-secured subdomains, a wildcard certificate is almost always more cost-effective and easier to manage than individual certificates for each subdomain.
Cost Comparison
Wildcard certificates from commercial certificate authorities (CAs) typically range from $100 to $300 USD per year, depending on the provider and validation level. Compare that to paying $50 to $100 per year for each individual subdomain certificate - the math favors a wildcard at three or more subdomains.
How Let's Encrypt Handles Wildcards
Let's Encrypt is the free, automated certificate authority that makes SSL accessible to everyone. It does issue wildcard certificates, but with one additional requirement: you must complete a DNS challenge to prove domain ownership, rather than the simpler HTTP challenge used for standard certificates.
A DNS challenge requires you to add a specific TXT record to your domain DNS configuration. Some hosting control panels and certificate management tools automate this entirely. Others require a manual step every 90 days when the certificate renews (since Let's Encrypt certificates expire every 90 days).
If your hosting control panel supports automated DNS validation for Let's Encrypt wildcards - which many modern setups do - this is a fully viable free option.
When the Free AutoSSL in cPanel Is Enough
dotCanada hosting includes AutoSSL, which automatically issues and renews free SSL certificates for your domain and the subdomains hosted in your cPanel account. For most small business websites - where the subdomains are all hosted in the same cPanel account - AutoSSL covers each subdomain with its own individual certificate, automatically.
You do not need a wildcard certificate if:
- All your subdomains are hosted under the same cPanel account
- You have a small, stable number of subdomains
- AutoSSL is actively issuing certificates for each of them
AutoSSL handles renewal automatically, so the main advantage of a paid wildcard (convenience) may not apply to your setup.
When to Purchase a Wildcard Through dotCanada
A purchased wildcard certificate makes the most sense when:
- You need to secure subdomains that are not managed through cPanel (external applications, separate servers, mail servers on different infrastructure)
- You require a more trusted certificate for enterprise or regulated environments
- You want a single certificate covering subdomains across multiple server environments
- Automated DNS challenge renewal for Let's Encrypt is not supported in your setup
dotCanada offers wildcard SSL certificates from trusted certificate authorities. Contact our support team to discuss which certificate type fits your architecture and budget. We can help you assess whether AutoSSL already covers your needs or whether a paid wildcard is the right upgrade.
