How to create a standard LetsEncrypt certificate to use with subdomains of Multisite?

Hi all, I have generated a certificate to use with the main domain of my network. As I use Multisite with subdomains, the other hosts will not use the same certificate. Is there any way to add more hosts to the certificate?

Also, if I want to install a new certificate to use with another subdomain which is mapped to a domain name, how can I generate a new certificate with Let's Encrypt to use for that domain name?

Thank you

  • Sajid

    Hi Pedro,
    Hope you are doing good today!

    According to the Let's Encrypt FAQ, it does not support wildcard subdomain SSL. Please refer to the official Let's Encrypt FAQ page. See "Will Let’s Encrypt issue wildcard certificates?"

    I have also pinged Jenni, who wrote an article about SSL certificates by Let's Encrypt, to get her invaluable feedback on this matter as well.

    For a mapped domain, you need to get another SSL certificate for that specific domain, or you can also use a single/same certificate for multiple domains via the SAN method.

    See the "Can I get a certificate for multiple domain names (SAN certificates)?" section in Let's Encrypt's official FAQ page here:

    Take care and have a nice day :slight_smile:

    Best Regards,

  • Jenni McKinnon

    Hey Pedro,

    Before I wrote the article on Let's Encrypt, I chatted with them and they let me know that they do not offer wildcard SSL certificates.

    The idea is that you can get as many standard certificates as you want so wildcard certificates aren't really necessary, though, they may look at doing it in the future.

    If you would like to use domain mapping with Multisite and use Let's Encrypt certificates, you would need to use an SNI (Server Name Indication) because you would otherwise need a dedicated IP address for each domain which isn't supported for Multisite. An SNI would take care of that.

    Here are some links with a bit more info:

    Let us know if you have any more questions. :slight_smile:



    • Pedro

      Hi Jenni, I have my server set up with SNI, which isn't a problem. I already have letsencrypt and certbot installed on the server and have some domains using Let's Encrypt, but for Multisite I can't properly set up or add subdomain hosts to the certificate.

      I have crawled the web in the hope of seeing if there were ways of adding the subdomains to the certificate, and I have also read the article about wildcards not being in Let's Encrypt's plans... but as you said, Let's Encrypt will support wildcards in the future, which is awesome :slight_smile:.

      Also, I have read somewhere that it's possible to add only 100 subdomains on the same certificate of the main domain, but I don't know how to generate the certificate to add more subdomains into it.

      It would be great if you could provide some articles explaining it :smiley: :slight_smile:

      Thank you very much and regards

      • Jenni McKinnon

        Hey again Pedro,

        Ohhh awesome, then you're one step closer!

        There's currently a rate limit of 20 sub-domains and other variations for a single domain per week. This means you can keep issuing certificates for 20 sub-domains each week. You could go well over 100 as long as you spread them out.

        Adding multiple sub-domains with Certbot and Let's Encrypt isn't all that different from adding one.

        Here's an example for the webroot option:

        certbot certonly --webroot -w /var/www/example/ -d -w /var/www/other -d -d -d -d

        Look under the heading "Method 3: Webroot Plugin for Production Sites" for more info in this post:

        I should probably also mention that when I asked about wildcard certificates, they weren't keen on adding the idea to their development track and weren't keen on including it in the future. Though, they also mentioned that if enough people asked for this feature, it would persuade them and this was quite a while ago so things may have changed since then. That being the case, you could search for an existing request or add a new one here:

        I just don't want to get your hopes way up there when it's not a "sure thing" at this point. I wanted to make sure I was clearer about that so there's no confusion.

        Let us know if you have any more questions. :slight_smile: Hopefully, I've answered all of yours. If not, let me know. :slight_smile:



  • Daniel

    Take a look at this thread in LE forum

    They recommend this

    "I want to know if LetsEncrypt allows me to cover this domain and sub-domains?
    For example,,,

    Yes, you can get certificates for any subdomain combination. Note that you will have to pass the domain ownership challenge for each domain separately (i.e. passing the ownership challenge for does not automatically allow you to get certificates for any subdomain of For internal servers that do not have a publicly accessible IP address, your best bet is probably the DNS-01 challenge type, which lets you verify domain ownership using a TXT record with a challenge token.

    Certbot currently does not support this challenge type. My personal recommendation would be lego, as it has good documentation and a lot of available integration plugins for various DNS providers, allowing you to automate this challenge type. A number of other clients, such as the bash clients, support DNS-based challenges as well."

    "Can LetsEncrypt handle two level sub-domain? For example,,

    There are no limitations as to the "depth" of the domains included in your certificate - this should work. As long as you know the list of (sub)domains ahead of time, and you don't need too many different domains covered, Let's Encrypt would be fine for your use-case.

    Some of the limits you should be aware of:

    You can have up to 100 different FQDNs on the same certificate. As an example, you could have one certificate covering all domains from to
    You can get up to 20 certificates per week per registered domain (that would be in your example, so the TLD plus one DNS label). To pick up the previous example, you could get 20 certificates with 100 FQDNs per certificate, covering in one week. Renewals do not count towards that limit, so in the following week you could add another 2,000 FQDNs."
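
An added example, not part of any post in this thread: a shell sketch that turns a Multisite host list into certbot webroot commands, splitting it into certificates of at most 100 names and estimating the weeks needed at 20 certificates per week, the limits as quoted above. The `example.com` hosts, the webroot path and the certificate-name prefix are constructed placeholders; the script only prints the commands and does not run certbot.

```shell
#!/bin/sh
# Limits as quoted in the thread (assumed still current only for this example).
MAX_NAMES=100            # FQDNs per certificate
MAX_CERTS_PER_WEEK=20    # certificates per registered domain per week

# plan_certs WEBROOT CERT_PREFIX < hosts (one FQDN per line)
# Prints one certbot command per batch of up to MAX_NAMES unique hosts.
plan_certs() {
    webroot=$1
    prefix=$2
    # Keep plain hostnames only (blank lines and wildcards are dropped,
    # since HTTP webroot validation proves one concrete name at a time),
    # then remove duplicates so no slot of the 100 is wasted.
    grep -E '^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$' | sort -u |
    awk -v max="$MAX_NAMES" -v w="$webroot" -v p="$prefix" '
        function emit() {
            if (n > 0)
                printf "certbot certonly --webroot --cert-name %s-%d -w %s%s\n", p, batch, w, args
        }
        BEGIN { batch = 1 }
        {
            # Start a new certificate once the current one is full.
            if (n == max) { emit(); batch++; n = 0; args = "" }
            args = args " -d " $0
            n++
        }
        END { emit() }
    '
}

# weeks_needed CERT_COUNT: weeks required under the weekly certificate limit.
weeks_needed() {
    echo $(( ($1 + MAX_CERTS_PER_WEEK - 1) / MAX_CERTS_PER_WEEK ))
}

# Constructed sample input: 250 hypothetical subdomains plus the main domain.
sample_hosts() {
    i=1
    while [ "$i" -le 250 ]; do echo "site$i.example.com"; i=$((i + 1)); done
    echo "example.com"
    echo "site1.example.com"   # duplicate on purpose, removed by sort -u
}

sample_hosts | plan_certs /var/www/multisite example-multisite
```

Every name passed with `-d` still has to pass its own ownership challenge, so each host must already resolve to the server and be served from the given webroot before the printed commands are run.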