A subdomain is a part of the main domain, for example if the main domain is example.uz, then blog.example.uz, shop.example.uz, and admin.example.uz are its subdomains. Each subdomain works as a separate site and needs its own SSL certificate. If a subdomain does not have a certificate installed, the browser shows it as insecure and warns the user. There are three main ways to solve this issue: Wildcard certificate, Multi-Domain SAN certificate, and separate certificates for each subdomain.
Wildcard SSL certificate
The Wildcard certificate is the most convenient and frequently used option if you have many subdomains. It covers the main domain and all its subdomains with a single certificate. The CN field of the certificate uses an asterisk followed by the domain, and this asterisk works instead of any single-level subdomain. That is, it covers blog.example.uz, shop.example.uz, and an unlimited number of other subdomains. However, the Wildcard certificate does not cover multi-level subdomains, for example api.v2.example.uz requires a separate certificate.
Multi-Domain SAN certificate
The Subject Alternative Name or SAN certificate is an option where one certificate covers multiple specific domains and subdomains. This certificate can combine different domains. Usually up to 100 domains can be added to a SAN certificate, some providers increase this number to 250. The price of a SAN certificate depends on the number of added domains but is much cheaper than buying a separate certificate for each domain.
Separate certificates and Let's Encrypt
Getting a separate certificate for each subdomain is the most flexible but technically demanding option. This path is especially suitable for free Let's Encrypt certificates because they automatically renew and reduce management complexity. The Certbot utility obtains a separate certificate for each subdomain and automatically renews them.
Sayt.uz practice
Sayt.uz hosting clients are provided with a free Wildcard Let's Encrypt certificate that automatically covers all subdomains. Commercial Wildcard certificates start from 690 thousand soum, SAN certificates from 390 thousand soum. In our panel, each subdomain is automatically detected and the certificate is applied immediately. 97 percent of clients complete this process in 5 minutes. Consulting on complex cross-domain configurations starts from 79 thousand soum.