Wildcard domains and certificates | Domains | Northflank Application docs

Domains /

Wildcard domains and certificates

You can configure your domains on Northflank to use wildcard redirect routing, which allows you to add subdomains without the need to add an individual DNS record for each new subdomain, and to use wildcard certificate generation, which allows you to add subdomains without requiring an individual certificate to be generated for each one, or to import and use your own certificate for your subdomains on Northflank.

You can use wildcard redirect routing in combination with wildcard certificate generation to allow the dynamic provisioning of subdomains in templates and preview environments.

Click here to view your account domains page.

Domain routing

You can enable wildcard domain routing when you add a domain to Northflank to automatically verify subdomains added to Northflank. Wildcard redirect routing must be configured when adding a domain to Northflank, and cannot be changed except by removing and re-adding the domain.


Wildcard routing will restrict the use of your domain to a single region, and you will be unable to use the top-level domain (also called the apex or root domain) for services.

To add a domain with wildcard routing, begin by adding a domain normally and expand advanced options. Select wildcard redirect from the domain routing drop-down menu, and choose the region you want to use the domain in. Click add domain and copy the record content to your DNS provider, in this case a CNAME record with an asterisk for the record name (for example *.example.com).

Return to Northflank and verify your domain to begin using it in your selected region. You can now add subdomains for this domain on Northflank without adding new DNS records to your DNS provider.

Adding a wildcard domain in the Northflank application

Certificate generation

You can choose to enable wildcard certificate generation when adding a domain to Northflank which allows you to avoid rate limits for certificate generation, as certificates are not generated for individual subdomains. Certificate generation must be configured when adding a domain to Northflank, and cannot be changed except by removing and re-adding the domain.

Wildcard certificates generate a certificate for the entire subdomain level. For example, enabling wildcard generation for *.example.com would provide the same certificate for any subdomains added to example.com, such as a.example.com and b.example.com.

You must configure wildcard certificate generation and domain redirect routing for a domain to dynamically generate subdomains in Northflank templates and preview environments.