wildcard certificate does not work for sub-domain

Question

I have created a wildcard certificate that works for for xxx.domain.com but not for aaa.bbb.domain.com

when creating the certificate:

Common Name (e.g. server FQDN or YOUR name) []:*.domain.com

but it seems to not be enough.

Answer 1

Wildcard SSL certificate matches only one level. See

• Problems with SSL and multi level subdomains
• wildcard ssl certificate does not cover www version, how do I fix?
• SSL Multilevel Subdomain Wildcard
• https://serverfault.com/questions/296390/ssl-domain-problem-for-signed-asterisk-certificates
• https://serverfault.com/questions/645230/why-does-my-wildcard-ssl-certificate-cause-a-domain-mismatch-error-on-a-second-l
• https://serverfault.com/questions/87869/ssl-certificates-for-subdomain-example-com
• https://serverfault.com/questions/104160/wildcard-ssl-certificate-for-second-level-subdomain
• https://serverfault.com/questions/871171/cant-secure-sub-domain-with-ssl
• https://serverfault.com/questions/817255/difference-between-wild-card-ssl
• https://security.stackexchange.com/questions/83245/ssl-cert-for-sub-domain-com-and-www-sub-domain-com
• https://security.stackexchange.com/questions/158332/what-are-wildcard-certificate-limitations-in-san-extension