4

I use AWS Route 53 with a wildcard SSL certificate:

The certificate allows: *.domain.com

In order to allow users to access both "domain.com" and "www.domain.com", I have to set up individual records for each. This does not bother me, but I have a problem when I want to use subdomains:

domain.com
www.domain.com
sub.domain.com

All work since they match *.domain.com. However, I also want www.sub.domain.com to work without having to add *.sub.domain.com to the certificate.

How is it possible?

Chris

1 Answer

6

Not sure how AWS Route 53 is related to SSL certificates. Route 53 is basically a DNS service; it has nothing to do with SSL certificates. At the same time, AWS does deal with SSL certificates too - the service responsible for this is called Certificate Manager.

Anyway, answering your question:

  1. If your SSL certificates are issued by AWS, then you can issue a certificate for any subdomain you own for free. The only limitation is that you can't download the private key for this certificate - you can only use it through ELB (Elastic Load Balancer) or CloudFront services.
  2. If your SSL certificates are issued by another authority, then unfortunately you have to request a separate certificate for *.sub.domain.com - that's the general principle, based on how SSL certificates work. See, for example, the answer to this question: Wildcard SSL certificate for second-level subdomain
Vlad Nikiforov
  • 1
    Thanks. I already use the AWS Certificate Manager for my certs. I just wanted to know if there is a more general wildcard pattern that I can use rather than requesting a new certificate for every subdomain that I may add. But it seems that this is necessary. At least it's free since I use CloudFront :) – Chris Jan 12 '17 at 15:02
  • Actually, you should be able to do it programmatically. I didn't try it myself, but I know that virtually everything can be done via the AWS API, using, say, [Python Boto3](https://github.com/boto/boto3) or a similar library. I personally use Boto3 for creating and rotating IAM access keys. – Vlad Nikiforov Jan 13 '17 at 08:16
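
The single-label wildcard rule behind this thread, as an added example that is not part of the question, the answer or the comments: it checks which hostnames a certificate's names cover and builds the arguments for an ACM request that closes the gap. The function names and the sample certificate (assumed to list both domain.com and *.domain.com) are constructed for illustration.

```python
def covers(pattern: str, host: str) -> bool:
    """True if one certificate name covers host.

    A leading "*" stands for exactly one DNS label, so it never spans a dot.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def uncovered(cert_names, hosts):
    """Hosts that no name on the certificate covers."""
    return [h for h in hosts if not any(covers(n, h) for n in cert_names)]


def names_to_add(cert_names, hosts):
    """One wildcard per parent zone of each uncovered host (exact name for short hosts)."""
    extra = []
    for host in uncovered(cert_names, hosts):
        # Avoid suggesting something like "*.com" for a two-label host.
        name = "*." + host.split(".", 1)[1] if host.count(".") >= 2 else host
        if name not in extra:
            extra.append(name)
    return extra


def acm_request(cert_names, hosts):
    """Keyword arguments for boto3.client("acm").request_certificate(**kwargs)."""
    names = list(cert_names) + names_to_add(cert_names, hosts)
    return {
        "DomainName": names[0],
        "SubjectAlternativeNames": names[1:],
        "ValidationMethod": "DNS",
    }


# Constructed sample: assumes the existing certificate lists both names.
CERT = ["domain.com", "*.domain.com"]
HOSTS = ["domain.com", "www.domain.com", "sub.domain.com", "www.sub.domain.com"]

if __name__ == "__main__":
    print("not covered:", uncovered(CERT, HOSTS))
    print("request:", acm_request(CERT, HOSTS))
```

The block only builds the request arguments; it makes no AWS call, so it runs without credentials.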