
[ACM] Document multi-level subdomain support and limits #30799

Open
ngayerie wants to merge 1 commit into cloudflare:production from ngayerie:ngayerie/SPM-3540

ngayerie (Collaborator) commented May 13, 2026

Summary

Documents the limits and capabilities for multi-level subdomains in Advanced Certificate Manager.

Problem

Customers ask about subdomain depth limits when evaluating ACM for deep multi-level subdomains like 1.2.3.4.5.example.com. The current documentation mentions "Cover more than one level of subdomain" but doesn't explain the actual constraints.

Solution

Added a new "Multi-level subdomain support" section to the ACM page explaining:

  • No arbitrary depth limit - subdomain depth is constrained by character limits, not level count
  • Domain name length limits - 253 chars total, 63 chars per label (RFC 1035/5280)
  • Common Name workaround - Cloudflare uses sni.cloudflaressl.com as CN when hostname exceeds 64 chars
  • Wildcard coverage - wildcards only cover one level, with examples
  • 50 hostnames per certificate - practical limit for SANs
  • CA consistency - same limits across Google Trust Services, Let's Encrypt, and SSL.com

Ticket

  • SPM-3540

Adds a new section explaining:
- No arbitrary limit on subdomain depth
- Domain name length limits (253 chars total, 63 chars per label)
- Common Name 64-char limit and Cloudflare's SAN workaround
- Wildcard coverage (one level only) with examples
- 50 hostnames per certificate limit
- CA differences (none - all follow same standards)

Addresses SPM-3540
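
The limits listed in the description above, applied to a proposed SAN list. This is an added example, not part of the pull request or Cloudflare's code; the function names and sample hostnames are hypothetical, and the numeric limits are the ones the description quotes.

```python
# Added example. Limits are those quoted in the PR description; all names are hypothetical.
MAX_NAME, MAX_LABEL, MAX_CN, MAX_SANS = 253, 63, 64, 50

def length_problems(hostname):
    """Return a list of length-limit violations for one hostname."""
    name = hostname.rstrip(".")
    problems = []
    if len(name) > MAX_NAME:
        problems.append(f"name is {len(name)} chars (limit {MAX_NAME})")
    for label in name.split("."):
        if not label:
            problems.append("empty label")
        elif len(label) > MAX_LABEL:
            problems.append(f"label '{label[:8]}...' is {len(label)} chars (limit {MAX_LABEL})")
    return problems

def san_covers(san, hostname):
    """A wildcard stands for exactly one leftmost label; other SANs must match exactly."""
    s, h = san.lower().split("."), hostname.lower().rstrip(".").split(".")
    if s[0] == "*":
        return len(s) == len(h) and s[1:] == h[1:]
    return s == h

def review(sans, hostnames):
    """Check a proposed SAN list against the hostnames it is meant to serve."""
    if len(sans) > MAX_SANS:
        raise ValueError(f"{len(sans)} SANs exceeds the {MAX_SANS}-hostname limit")
    return {
        host: {
            "problems": length_problems(host),
            "covered_by": next((s for s in sans if san_covers(s, host)), None),
            "fits_common_name": len(host) <= MAX_CN,
        }
        for host in hostnames
    }

# Constructed sample input.
SANS = ["example.com", "*.example.com", "*.4.5.example.com"]
HOSTS = ["www.example.com", "3.4.5.example.com", "1.2.3.4.5.example.com",
         "a" * 40 + "." + "b" * 40 + ".example.com", "c" * 64 + ".example.com"]

if __name__ == "__main__":
    for host, result in review(SANS, HOSTS).items():
        print(host, result)
```

In the sample, `1.2.3.4.5.example.com` is within every length limit but no listed SAN covers it; it needs its own entry or `*.2.3.4.5.example.com`.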

Labels

product:ssl Related to SSL size/s
