Did you know wildcard SSL certificates only support one level of subdomain?
That is, a certificate for
*.foo.com will allow one single subdomain, i.e.:
They do not work for extra levels, i.e.:
You need a separate certificate for each level of subdomains. For example
you would need a separate wildcard certificate for
*.mail.foo.com to allow
it to work on any subdomain under
It’s a common misconception that a wildcard works on ANYTHING, so I hope this helps someone out of a head-scratcher.