Wait! Don't Leave Without Securing Your Site
Get enterprise - grade SSL certificates at a fraction of retail prices.
Save 10% on your first order, by entering coupon code SAVE10 during checkout.
FAQs
All
Business Validation
Certificate Authorities
Changes
Code Signing
Configuration
CPAC
CSR Code
CSR Decoder
CSR Generation Tutorials
CSR Generator
DigiCert
Domain Validation
Extended Validation
General
Install SSL Certificates
Installation
IP Address
LEI
Multi Domain
Payments
Private Key
Renewal
S/MIME
Types
Updates
Wildcard
How many domains can a multi-domain wildcard SSL certificate secure?
Most products on this page support up to 250 total SANs (1 primary domain + 249 additional). Default packages start at 3 or 4 SANs included; you add more individually at checkout. A few Sectigo OV multi-domain wildcards support higher caps; check the specific product page for the exact ceiling.
Copy Link
Why does the report show “Not Supported” for HSTS even though my SSL works?
HSTS is a server response header, not part of the certificate. The cert can be perfectly valid while HSTS stays unconfigured. Add it in the web server config: Apache uses Header always set Strict-Transport-Security, Nginx uses add_header Strict-Transport-Security.
Copy Link
Does the SSL checker work for certificates from any Certificate Authority?
Yes. It reads whatever certificate the server presents, from Sectigo, DigiCert, GeoTrust, RapidSSL, Thawte, GoGetSSL, Let’s Encrypt, Google Trust Services, and others. SSL Dragon’s SSL certificate catalog covers six of those CAs side by side.
Copy Link
Can I check the SSL certificate of an internal or local hostname?
No, public checkers can’t reach internal hosts behind firewalls. From a machine on the same network, run openssl s_client -connect host:443 -servername host for equivalent output. The OpenSSL command-line tool ships with most Linux distributions and is available for Windows.
Copy Link
What does it mean if the report shows an “incomplete chain”?
Your server isn’t sending all the intermediate certificates browsers need. The short fix: Apache uses SSLCertificateChainFile or a combined bundle, Nginx expects a fullchain.pem file, and IIS rebuilds the chain through the certificate import wizard.
Copy Link
What does my SSL Security Rating need to be?
Aim for an A or A+. A B works in every browser, but the gap usually points to fixable issues. Most rating drops trace back to two items the SSL checker flags in the security features panel: a missing HSTS header or an unconfigured CAA record. Neither requires touching the certificate.
Copy Link
How often should I check my SSL certificate?
Monthly is a reasonable baseline. With 200-day certificates now the maximum, set a hard reminder to run a full check 30 days before expiration. Run an extra check after renewals, since chain bundle mistakes are the most common post-renewal problem.
Copy Link
Will the 47-Day Certificate Lifespan Affect Wildcard Renewals?
Yes, by 2029. The 200-day cap shrinks to 100 days in 2027 and 47 days in 2029. Multi-year subscriptions handle reissuance automatically, and ACME automation removes the renewal workflow entirely for teams that want to set it once.
Copy Link
What Is the Cheapest Wildcard SSL Certificate?
$56.33 per year for the Sectigo PositiveSSL Wildcard or its Comodo equivalent. Both are domain-validated and issue in about 5 minutes after you confirm control of the domain by DNS or email.
Copy Link
Can I Install a Wildcard SSL Certificate on Multiple Servers?
Yes, with no per-server fees. Export the certificate, private key, and intermediate chain from the first installation and import them on each additional host. SSL Dragon imposes no server count limit on any wildcard product.
Copy Link