Wildcard domains allow you to serve multiple subdomains under a single domain (e.g., *.example.com) through your Blossom application, with SSL termination handled directly by your Blossom servers. This is useful when you need to dynamically handle multiple subdomains without configuring each one individually.

Note: If you’re using a CDN like Cloudflare, CloudFront, or Akamai, you’ll want to follow our CDN Wildcard Domains guide instead, as the SSL termination happens at the CDN level.

Overview

A wildcard domain certificate covers your main domain and all its subdomains. For example, a certificate for *.example.com will secure:

  • test.example.com
  • staging.example.com
  • client1.example.com
  • any-subdomain.example.com

Requirements

To use wildcard domains, you need:

  1. A DNS provider configured in Blossom that supports DNS validation
  2. Administrative access to manage DNS records for your domain

Supported DNS Providers

Blossom supports the following DNS providers for wildcard domains:

Blossom supports wildcard domains via Caddy. When validating certificates, Caddy automatically adds a TXT DNS record, validates it, and immediately removes it.

Configuration Steps

  1. First, ensure you have a DNS provider configured in Blossom:
    • Navigate to the DNS Providers section
    • Click “Add New Provider”
    • Select your provider and enter the required credentials
  2. Configure your wildcard domain:
    • Go to your app’s Custom Domains section
    • Click “Add New Domain”
    • Enter your wildcard domain (e.g., *.example.com)
    • Select “HTTPS Wildcard” as the SSL mode
    • Choose your DNS provider from the dropdown
  3. After creation, Blossom will:
    • Automatically configure DNS validation
    • Obtain a wildcard SSL certificate through Let’s Encrypt
    • Set up the necessary proxy configurations

DNS Validation

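Wildcard certificates require DNS validation (as opposed to HTTP validation) because they secure multiple subdomains: an HTTP check can only prove control of one hostname, while a DNS record proves control of the domain itself. Blossom automatically handles this by: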

  1. Creating the required DNS validation records through your DNS provider
  2. Verifying the records are properly set
  3. Completing the certificate issuance process

Important Notes

  • Wildcard certificates only cover one level of subdomains. For example, *.example.com will cover blog.example.com but not test.blog.example.com
  • The DNS provider must be properly configured with the necessary permissions for automated DNS validation
  • Certificate renewal is handled automatically by Blossom
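
The one-level rule above and the TXT record used during DNS validation can be checked before you add a domain. The following is an added example, not Blossom or Caddy code: the function names and sample hostnames are constructed, the matcher follows the standard TLS wildcard rule, and the record name follows the ACME DNS-01 convention of an `_acme-challenge` prefix.

```python
# Added example: function names and sample hostnames are constructed for illustration.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, and split it into labels."""
    return name.strip().rstrip(".").lower().split(".")


def covers(cert_name: str, hostname: str) -> bool:
    """Return True if a certificate name (exact or wildcard) matches hostname.

    '*' is only accepted as the whole left-most label and stands for
    exactly one label, which is why only one subdomain level is covered.
    """
    pattern, host = _labels(cert_name), _labels(hostname)
    if "" in pattern or "" in host:
        return False                      # empty label: malformed name
    if "*" in "".join(pattern[1:]):
        return False                      # wildcard outside the left-most label
    if len(pattern) != len(host):
        return False                      # '*' never spans several labels
    if pattern[0] == "*":
        return pattern[1:] == host[1:] and "*" not in host[0]
    if "*" in pattern[0]:
        return False                      # partial wildcard such as 'a*.example.com'
    return pattern == host


def acme_challenge_record(cert_name: str) -> str:
    """Name of the TXT record written for ACME DNS-01 validation of cert_name."""
    labels = _labels(cert_name)
    if labels[0] == "*":
        labels = labels[1:]               # the wildcard label is dropped
    return "_acme-challenge." + ".".join(labels)


if __name__ == "__main__":
    # example.com has one label fewer than the pattern, so the name
    # *.example.com by itself does not match it.
    for host in ["blog.example.com", "test.blog.example.com", "example.com"]:
        print(host, covers("*.example.com", host))
    print(acme_challenge_record("*.example.com"))
```

Where your DNS provider supports scoped API tokens, the name returned by `acme_challenge_record` is the only record the validation needs to create and delete, which helps keep the credentials stored in Blossom to the minimum required.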

Troubleshooting

If you encounter issues with wildcard domain setup:

  1. Verify your DNS provider credentials are correct and have the necessary permissions
  2. Check that your domain’s nameservers are properly configured to use your selected DNS provider
  3. Allow up to 15 minutes for DNS changes to propagate and the certificate to be issued
  4. For detailed debugging steps, see our Caddy debugging guide

Alternative Approaches

If you’re using a CDN to handle SSL termination for your wildcard domains, see our guide on CDN Wildcard Domains.