Domain Types
Before installing AutoSSL, decide which domain type you need.
Single Domain
A single-domain setup can cover:
example.com
www.example.comIn ACME commands, list both the root domain and www so both names are included in the issued certificate:
--domain example.com \
--domain www.example.comMulti-Domain
For multi-domain certificates, the www version of a base domain is usually included at the product/subscription level. It should not be treated as an extra purchased domain slot.
However, in server-side ACME commands, explicitly list every hostname you want in the issued certificate. For example:
example.com
www.example.com
example.net
www.example.net
shop.example.orgThe command lists www so the final certificate SAN contains it:
--domain example.com \
--domain www.example.com \
--domain example.net \
--domain www.example.net \
--domain shop.example.orgWildcard
A wildcard setup should protect:
example.com
*.example.comIn ACME commands, include both the root domain and wildcard:
--domain example.com \
--domain "*.example.com"WARNING
Wildcard certificates require DNS validation. HTTP webroot, Nginx plugins, and Apache plugins usually cannot issue wildcard certificates directly.
DNS API Recommended
For automated wildcard issuance and renewal, use a DNS API.
Cloudflare DNS example:
export CF_Token="Cloudflare API Token"
export CF_Account_ID="Cloudflare Account ID"
~/.acme.sh/acme.sh --issue \
--dns dns_cf \
-d example.com \
-d "*.example.com" \
--server "$ACME_SERVER"Without a DNS API, manual DNS mode is possible, but renewals also require manually updating TXT records.