My recent infrastructure had the following setup:
- A domain on Route53 as `example.com`.
- Several subdomains, e.g. `blog.example.com`, `dev.example.com`, etc.
- A certificate on ACM with `*.example.com` as its entry.
Everything worked as expected, until I was required to add another domain, e.g. `abc.dev.example.com`. SSL doesn't work on this newly created subdomain.
My previous experience suggests creating a new certificate for this new subdomain; it has worked for me earlier as well. But it doesn't seem to be a best practice. Can I refresh/update my current certificate to accommodate the new subdomain?
This is because a wildcard SSL cert can only support one subdomain level. From docs:
So in your case you need a new certificate for `*.dev.example.com`.
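The single-label rule described in the answer, as an added example that is not part of the original answer: a small Python check of which hostnames a certificate's name list covers. The function names and the sample host list are assumptions made up for illustration.

```python
from __future__ import annotations


def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing root dot, split into labels."""
    return name.strip().rstrip(".").lower().split(".")


def name_matches(pattern: str, hostname: str) -> bool:
    """True if one certificate name covers hostname.

    A leading "*" label stands for exactly one label, so it never spans
    a dot and never matches the bare parent domain. Any other pattern
    is compared literally.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def covered_by(cert_names: list[str], hostname: str) -> str | None:
    """Return the first certificate name that covers hostname, else None."""
    return next((n for n in cert_names if name_matches(n, hostname)), None)


def uncovered(cert_names: list[str], hostnames: list[str]) -> list[str]:
    """Hostnames that no name on the certificate covers."""
    return [h for h in hostnames if covered_by(cert_names, h) is None]


if __name__ == "__main__":
    # Constructed sample data, based on the names used in the question.
    hosts = ["example.com", "blog.example.com",
             "dev.example.com", "abc.dev.example.com"]
    for names in (["*.example.com"],
                  ["*.example.com", "*.dev.example.com"]):
        print(names)
        for host in hosts:
            print(f"  {host:22} -> {covered_by(names, host) or 'NOT COVERED'}")
```

Running it against the list of hostnames you serve before requesting a certificate shows which names still need their own entry; note that the bare `example.com` is not covered by `*.example.com` either.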