By sneddo
I am developing a SaaS platform and require a subdomain for each signup. In theory it would be possible to create a new record for each subdomain as someone signs up, but this creates overhead that doesn’t exist if wildcard SSL certificates are supported.
I note from the Loadbalancer documentation they are not.
With that said, what would be your recommendation to get past this?
Please note, I am looking for a solution that doesn't require provisioning subdomains for each new sign up… Not least because of the rate limits on Let's Encrypt (50 certs a week per registered domain). We could of course use a combination of 100 names per cert to get that up to 5k a week, which would probably be fine, but again that is additional overhead for something which could be very simple.
Thanks
As per my last comment I achieved what I wanted via NGINX Ingress controller, Cert-manager and the DO load balancer.
There is an app in DO marketplace for NGINX ingress controller.
Then used Cert manager and set up an initial test as per this article: https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nginx-ingress-with-cert-manager-on-digitalocean-kubernetes#step-4-—-installing-and-configuring-cert-manager
For wildcard you need to use dns01, documentation on the cert-manager site: https://cert-manager.io/docs/configuration/acme/ - config details for Let's Encrypt
https://cert-manager.io/docs/configuration/acme/dns01/digitalocean/ - config for DO dns01 integration. A couple of points which were not clear to me from the above are that you need to create a secret and that your API key within the secret needs to be base64 encoded. I have created a pull request to update the documentation, but in case you need it before then, this is an example secret:
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: digitalocean-dns
  namespace: cert-manager
data:
  # insert your DO access token here
  access-token: "base64 encoded access-token here"
```
Also, http01 confirmations can take a while so don't worry.
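An added example, not part of the original answer and not taken from the cert-manager documentation: a ClusterIssuer and a wildcard Certificate that use the `digitalocean-dns` secret from the answer through the dns01 solver. The domain `example.com`, the email address, the resource names and the `default` namespace are placeholders chosen for illustration.

```yaml
# ClusterIssuer: cluster-scoped, so it reads the token secret from
# cert-manager's own namespace (cert-manager by default), which is
# where the digitalocean-dns secret in the answer was created.
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-dns01            # placeholder name
spec:
  acme:
    # Production endpoint. While testing, the staging endpoint
    # https://acme-staging-v02.api.letsencrypt.org/directory
    # avoids using up the production rate limits.
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com         # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-dns01-account-key   # ACME account key, created by cert-manager
    solvers:
    - dns01:
        digitalocean:
          tokenSecretRef:
            name: digitalocean-dns   # secret name from the answer
            key: access-token        # key inside that secret
---
# One certificate for every tenant subdomain plus the apex.
# A wildcard name can only be validated with dns01.
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: wildcard-example-com         # placeholder name
  namespace: default                 # placeholder: namespace of the Ingress that serves the tenants
spec:
  secretName: wildcard-example-com-tls   # TLS secret the Ingress refers to
  issuerRef:
    name: letsencrypt-dns01
    kind: ClusterIssuer
  dnsNames:
  - "*.example.com"
  - example.com
```

The DigitalOcean token in the secret can edit DNS records for the account, so access to the `cert-manager` namespace's secrets should be limited accordingly.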