Sectigo® CaaS DV + Wildcard Information

Secure your website and all subdomains with Sectigo® CaaS DV + Wildcard, a Wildcard SSL Certificate from one of the world's most trusted Certificate Authorities (CA) delivered through Certificate as a Service (CaaS). This SSL Certificate provides instant Domain Validation (DV) with coverage for both *.yourdomain.com and the root domain yourdomain.com, securing unlimited subdomains through automated API-based deployment.

Designed for organizations operating large-scale subdomain infrastructure, DevOps teams managing dynamic environments, and businesses that require automated Wildcard SSL Certificate control from a globally recognized Certificate Authority (CA), Sectigo® CaaS DV + Wildcard delivers enterprise-grade subdomain protection with full API-driven deployment.

Secures Unlimited Subdomains + Root Domain 🔗	Instant Domain Control Validation 🔗
USD $500,000 Relying Party Warranty 🔗	2048-bit Industry Standard SSL Certificate
API-Based Management	Delivered Via E-Mail
Includes Sectigo® Trust Seal 🔗	Unlimited Server Licenses
Optional Installation Service 🔗	Unlimited Reissuance Policy 🔗
99.9% Web Browser Ubiquity 🔗	Extend License Without Reinstallation

Build customer trust across unlimited subdomains with Wildcard SSL Certificate security from Sectigo® delivered through the Trustico® CaaS platform. This SSL Certificate combines comprehensive subdomain coverage from an industry-leading Certificate Authority (CA) with automated API management for scalable deployment.

Sectigo Trust Across Every Subdomain

Sectigo is one of the world's largest commercial Certificate Authorities (CA), with root Certificates trusted by virtually every browser, operating system, and mobile platform in use today. When you secure your subdomains with a Sectigo Wildcard SSL Certificate, every subdomain under *.yourdomain.com inherits this established trust chain. Visitors accessing app.yourdomain.com, portal.yourdomain.com, or any other subdomain see the same trusted HTTPS connection backed by Sectigo's globally recognized root Certificates.

This level of trust is particularly important for organizations that serve customers, partners, or internal teams across multiple subdomains. Each subdomain carries the credibility of a Certificate Authority (CA) whose Certificates are pre-installed in Chrome, Firefox, Safari, Edge, iOS, and Android, ensuring consistent recognition without any manual trust store configuration. Learn About Sectigo Certificate Authority 🔗

Wildcard Coverage for Dynamic Infrastructure

Sectigo® CaaS DV + Wildcard protects unlimited subdomains under *.yourdomain.com with a single SSL Certificate, and also secures the root domain yourdomain.com itself. This coverage applies automatically to every subdomain that exists today and every subdomain you create in the future. There is no need to request additional SSL Certificates, update configurations, or repeat validation when you add staging.yourdomain.com, api.yourdomain.com, or any new subdomain to your infrastructure.

For organizations with dynamic infrastructure where subdomains are created and removed as part of deployment pipelines, customer provisioning, or auto-scaling processes, this automatic coverage eliminates the SSL Certificate management overhead that would otherwise scale linearly with your subdomain count. Understand Wildcard Benefits 🔗

Automated Management Through Certificate as a Service

The Certificate as a Service (CaaS) delivery model transforms Wildcard SSL Certificate management from a manual operational task into an automated infrastructure process. Instead of manually generating Certificate Signing Request (CSR) files, completing domain validation through dashboards, and downloading SSL Certificate files for installation, your systems handle the entire Wildcard SSL Certificate lifecycle through the Automated Certificate Management Environment (ACME) protocol.

When you purchase a Sectigo® CaaS DV + Wildcard SSL Certificate, you are purchasing an SSL Certificate license for a set period. Throughout your license period, your ACME client automatically reissues Wildcard SSL Certificates as they approach expiration, extending the expiration date of your installed SSL Certificate based on your available license validity. This means you purchase once and every subdomain stays protected continuously for the duration of your license.

When your license period approaches its end, you can extend or renew it without any reinstallation or reconfiguration on any of your servers. The extended license validity is recognized automatically, and your ACME client continues to obtain Wildcard SSL Certificates as usual across every subdomain.

There is no need to update External Account Binding (EAB) credentials, modify Domain Name System (DNS) configurations, or change any part of your existing automation setup. Learn About License Extensions 🔗

Sectigo® CaaS DV + Wildcard provides API access to every stage of the SSL Certificate process. DevOps teams can integrate Wildcard SSL Certificate provisioning into their existing automation pipelines, treating subdomain security as another deployment step that runs alongside code releases, infrastructure changes, and environment provisioning. Discover Certificate as a Service 🔗

ACME Protocol for Wildcard Automation

Sectigo® CaaS DV + Wildcard uses the Automated Certificate Management Environment (ACME) protocol, defined in RFC 8555, to automate the complete Wildcard SSL Certificate lifecycle. An ACME client installed on your server communicates directly with the Sectigo Certificate Authority (CA) to handle domain verification, SSL Certificate issuance, server configuration, and reissuance without manual steps.

Wildcard SSL Certificates require DNS-01 validation, where the ACME client creates a temporary TXT record in your domain's Domain Name System (DNS) zone. Many ACME clients include built-in integrations with popular Domain Name System (DNS) providers such as Cloudflare, AWS Route 53, Google Cloud DNS, Azure DNS, and DigitalOcean, allowing fully automated record creation and cleanup.

Once the Sectigo Certificate Authority (CA) verifies your domain control, it issues the Wildcard SSL Certificate, which the client installs and configures automatically. Explore ACME Protocol Details 🔗

ACME Client Compatibility

Sectigo® CaaS DV + Wildcard works with every major ACME client that supports DNS-01 challenges. Certbot is the most widely used option, providing Wildcard SSL Certificate support through Domain Name System (DNS) plugins for dozens of hosting and cloud providers. The acme.sh client offers the broadest Domain Name System (DNS) API integration library, supporting over 150 providers, making it a strong choice for automated Wildcard deployments across diverse infrastructure.

For Kubernetes environments, cert-manager handles Wildcard SSL Certificate issuance and reissuance as a native cluster resource with built-in DNS-01 solver support. Windows environments are covered by win-acme and Certify The Web for Microsoft Internet Information Services (IIS) deployments. Lego, dehydrated, and Posh-ACME provide additional options for Go, shell, and PowerShell environments.

All of these clients authenticate with the Sectigo Certificate Authority (CA) using External Account Binding (EAB) credentials from your Trustico® account. Find Out More About Supported ACME Clients 🔗

External Account Binding Authentication

External Account Binding (EAB) securely links your ACME client to the Sectigo Certificate Authority (CA) through your Trustico® account. During initial setup, you provide a Key Identifier and HMAC Key generated from your Trustico® dashboard. This one-time authentication step authorizes your ACME client to request and reissue Sectigo Wildcard SSL Certificates.

For Wildcard deployments spanning multiple servers or environments, you can generate separate External Account Binding (EAB) credentials for each deployment context. This gives your team clear visibility into which systems are managing Wildcard SSL Certificates and simplifies credential rotation if a specific server or environment is decommissioned. View Our EAB Credential Setup Guide 🔗

DNS-01 Validation for Wildcard SSL Certificates

Wildcard SSL Certificates are validated exclusively through DNS-01 challenges, which require your ACME client to create a temporary TXT record in your domain's Domain Name System (DNS) zone. The Sectigo Certificate Authority (CA) queries this record to confirm that you control the base domain, and upon successful verification, issues your Wildcard SSL Certificate covering *.yourdomain.com.

DNS-01 validation offers a distinct advantage : it does not require your web server to be publicly accessible. This makes it suitable for securing subdomains on servers behind firewalls, within private networks, or in staging environments that are not exposed to the internet. Your ACME client automates Domain Name System (DNS) record creation through provider API integrations, handling the entire process without manual intervention. Learn About Validation Methods 🔗

Future-Proofing Against Shorter Validity Periods

The CA/Browser Forum has mandated progressive reductions in SSL Certificate validity periods that will affect all Certificate Authorities (CA) including Sectigo. Maximum validity drops to 200 days from March 2026, then to 100 days from March 2027, and to 47 days from March 2029. For Wildcard SSL Certificates that protect entire subdomain infrastructures across multiple servers, the impact of frequent manual reissuances would be substantial.

At 47-day intervals, a manually managed Wildcard SSL Certificate would require reissuance approximately eight times per year, with each cycle demanding Certificate Signing Request (CSR) generation, DNS-01 validation, and reinstallation across every server hosting your subdomains. Sectigo® CaaS DV + Wildcard with ACME automation handles each of these reissuance cycles silently and reliably, ensuring your subdomain infrastructure remains continuously protected regardless of validity period length. Explore Traditional vs CaaS Comparison 🔗

Robust Encryption Across All Subdomains

Sectigo® CaaS DV + Wildcard implements 2048-bit RSA encryption with 256-bit symmetric encryption consistently across every subdomain. Transport Layer Security (TLS) 1.2 and Transport Layer Security (TLS) 1.3 are fully supported, ensuring compatibility across all modern browsers and devices.

Every subdomain benefits from SHA-256 hashing algorithms, perfect forward secrecy, and Certificate Transparency logging. Elliptic Curve Cryptography (ECC) key types are also available for deployments that benefit from reduced key sizes and faster cryptographic operations. Compare Encryption Technologies 🔗

USD $500,000 Relying Party Warranty

Every Sectigo® CaaS DV + Wildcard SSL Certificate includes a USD $500,000 Relying Party Warranty covering all secured subdomains under your domain. Combined with unlimited reissuance rights accessible through API automation, this warranty provides comprehensive financial protection. Review Warranty Coverage 🔗

Sectigo® Trust Seal

Display the Sectigo® Trust Seal across all subdomains to show real-time validation status. The globally recognized Sectigo brand on your trust seal provides immediate credibility from a Certificate Authority (CA) that visitors and businesses worldwide already know and trust. Implement Trust Seals 🔗

DevOps and Infrastructure Integration

Sectigo® CaaS DV + Wildcard integrates with modern DevOps workflows by enabling automated Wildcard SSL Certificate provisioning during infrastructure deployment. Teams using Ansible, Terraform, Puppet, or CloudFormation can incorporate Sectigo Wildcard SSL Certificate management into their deployment templates, ensuring consistent subdomain security across development, staging, and production environments.

The API supports real-time monitoring of SSL Certificate expiration, automated reissuance triggers, and security compliance tracking across dynamic subdomain architectures. Kubernetes teams using cert-manager can manage Sectigo Wildcard SSL Certificates as native cluster resources, while platform engineering teams can automate SSL Certificate deployment for ephemeral preview environments and feature branch subdomains.

99.9% Browser Recognition

Sectigo root Certificates are embedded in virtually every browser and operating system trust store in use today. This means every subdomain secured by your Sectigo® CaaS DV + Wildcard SSL Certificate is trusted by 99.9% of web browsers and all major mobile platforms including iOS and Android. Understand Browser Recognition 🔗

Unlimited Server Licensing

Deploy your Sectigo Wildcard SSL Certificate across unlimited servers without licensing restrictions. For Wildcard deployments where the same *.yourdomain.com SSL Certificate must be installed on web servers, application servers, load balancers, and container nodes simultaneously, unlimited licensing eliminates per-server costs and administrative complexity.

Automated Installation

Install your Sectigo Wildcard SSL Certificate entirely through ACME client automation. The client generates your Certificate Signing Request (CSR), completes DNS-01 validation, retrieves the issued Wildcard SSL Certificate from Sectigo, and configures it on your server. This automated workflow is supported across Apache, Nginx, Microsoft Internet Information Services (IIS), cloud platforms, and container orchestration systems including Kubernetes. Access Installation Guides 🔗

Guides and Resources

Trustico® provides comprehensive guides and resources to help you get the most from your Sectigo® CaaS DV + Wildcard SSL Certificate. Detailed documentation covers ACME client setup, DNS-01 challenge configuration, External Account Binding (EAB) credentials, and Wildcard deployment best practices. For client-specific instructions such as configuring DNS plugins or scheduling automated reissuances, you should also refer to the official documentation provided by your chosen ACME client. Browse Technical Resources 🔗

Ideal Use Cases for Sectigo® CaaS DV + Wildcard

Organizations requiring Wildcard SSL Certificates from a globally recognized Certificate Authority (CA) for compliance, audit, or policy requirements can automate Sectigo Wildcard provisioning through the CaaS platform. SaaS platforms assigning customer subdomains such as client.yourdomain.com benefit from automatic coverage that secures each new customer subdomain the moment it is created.

Large-scale hosting providers managing hundreds of customer subdomains under a shared domain can automate Wildcard SSL Certificate issuance and reissuance without per-subdomain management overhead. Organizations running containerized microservice architectures across Kubernetes clusters benefit from automated Sectigo Wildcard SSL Certificate management through cert-manager, while continuous integration pipelines triggering feature branch deployments gain automatic subdomain protection for every preview environment.

Automate Subdomain Security with Sectigo

Sectigo® CaaS DV + Wildcard combines the global trust of one of the industry's leading Certificate Authorities (CA) with automated Wildcard SSL Certificate management through the ACME protocol. Broad ACME client compatibility, seamless External Account Binding (EAB) authentication, and DNS-01 automation ensure your entire subdomain infrastructure remains continuously protected.

Whether you are automating Wildcard SSL Certificate provisioning across dynamic cloud environments or securing an expanding subdomain architecture for your SaaS platform, Sectigo® CaaS DV + Wildcard provides enterprise-grade Wildcard protection from a globally trusted Certificate Authority (CA). Compare with Standard Wildcard Options 🔗