Forum Moderators: phranque


My SSL certificate doesn't work on subdomain.

         

httpwebwitch

2:44 am on May 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



dang!
I thought it would be easy to set up subdomains for different languages, like fr.example.com (French), es.example.com (Spanish), etc.

But when I go to any of the HTTPS pages, the certificate is invalid! I didn't predict this. Setting up a new SSL certificate is such a PITA.

Is there such a thing as an SSL certificate that "covers" subdomains?

httpwebwitch

2:49 am on May 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



When I look at the certificate itself, it just says "example.com" on it. The SSL is accepted OK when I'm on the "www" subdomain, so why does it fail when I'm on "es.example.com"?

I must be missing something here.

httpwebwitch

3:01 am on May 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Incidentally, this is running on LAMP with cPanel, if that helps.

httpwebwitch

4:07 am on May 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I've just learned about something called a "wildcard SSL certificate".

Why didn't anyone mention this when I was buying my certificate?
sheesh...

LifeinAsia

3:31 pm on May 6, 2010 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



I'm surprised the company didn't try to upsell you when you bought it.

I remember that issue when we got our first one. I'm not sure if they offered wildcard certificates at the time; I think they required you to buy a separate one for each subdomain you wanted to use.

rocknbil

7:22 pm on May 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I may be speaking out of turn but it's always been my understanding that certs are bound to a specific implementation of a domain URL? It used to be that a cert can work for example.com and not www.example.com. However lately we've installed a couple that work for both.

So a subdomain, yes, I think you may need multiple certs or a wildcard cert.
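Added example, not part of the thread: a simplified Python sketch of the hostname check a browser applies to the names in a certificate, showing why a certificate naming example.com and www.example.com fails for es.example.com while a wildcard name covers it. The function names and the sample name lists are constructed for illustration; real clients add further rules (for instance, public-suffix checks).

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate name (pattern) covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans a dot, so both names need the same label count.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    # The wildcard is only honoured in the leftmost label.
    if any("*" in label for label in rest):
        return False
    if rest != h_labels[1:]:
        return False
    if first == "*":
        # Simplification: require two fixed labels so "*.com" is rejected.
        return len(rest) >= 2
    # Partial wildcards such as "w*.example.com" are rejected outright.
    return "*" not in first and first == h_labels[0]


def cert_covers(cert_names, hostname):
    """True if any name listed in the certificate covers hostname."""
    return any(name_matches(name, hostname) for name in cert_names)


def coverage_report(cert_names, hosts):
    """Map each host to whether the certificate would be accepted for it."""
    return {host: cert_covers(cert_names, host) for host in hosts}


# Constructed sample certificates (lists of names the certificate carries).
SINGLE = ["example.com", "www.example.com"]
WILDCARD = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]

HOSTS = ["example.com", "www.example.com", "es.example.com",
         "fr.example.com", "shop.es.example.com"]

if __name__ == "__main__":
    for label, names in (("single", SINGLE), ("wildcard", WILDCARD),
                         ("wildcard+apex", WILDCARD_PLUS_APEX)):
        print(label)
        for host, ok in coverage_report(names, HOSTS).items():
            print(f"  {host:22} {'valid' if ok else 'name mismatch'}")
```

The wildcard matches exactly one label, so a certificate carrying only `*.example.com` does not cover the bare `example.com` or a deeper name such as `shop.es.example.com`.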

httpwebwitch

5:27 pm on May 8, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



After a call with my registrar, I was dismayed to learn that a wildcard SSL cert costs 8x more than a regular one. Holy sticker shock! Is it normal for a wildcard SSL to cost almost $200 per year?

Then I started looking at other providers - $599 per year? $619.80 per year? even... $995 per year?

To me, it looks like just a regular certificate like any other, except that there's a "*" in it. Methinks we're all being gouged.

phranque

2:21 am on May 10, 2010 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Sounds like a bargain for more than 8 subdomains.

httpwebwitch

2:43 am on May 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



How is paying $200 for a little pile of ones and zeros a bargain? Isn't it possible to make my own SSL certificate in notepad?

I'm kidding

sort of

LifeinAsia

3:37 pm on May 10, 2010 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Well, you CAN create your own SSL certificate for free. The problem is, most people will get a warning message about it (I seem to remember it's something about an untrusted certifying organization), and there are a lot of hoops the customer has to go through to get the message to go away.

Definitely not something you'd want to do on a commercial site. But it beats paying for a "real" SSL cert for an intranet with a limited number of users.

For info, Google OpenSSL. There are probably other options, but that's the one that I've implemented on several servers.

rocknbil

4:45 pm on May 10, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Isn't it possible to make my own SSL certificate in notepad? ... Well, you CAN create your own SSL certificate for free.


This is a "self-signed" cert, and yes you can, but it's not generated in notepad; it's generated via command line on your server. It can have the same strength of encryption levels. The problem is the user has to accept and install the cert; most people won't know what that means and will be outta' there.

What you're paying for is a cert generated by a "certificate authority" that says, yes, this site is who they say they are, and they've validated who they are by our authority. Most browsers recognize the authority certs and accept them without prompting for an "unrecognized cert."

Example: you buy a cert from Verisign or G.D., and the browser "knows" to trust the cert by the C.A.'s signature. A self-signed cert: "we don't know you."

BradleyT

5:16 pm on May 10, 2010 (gmt 0)

10+ Year Member



You could always go with subfolders - there's no cost for that solution. It's better for SEO also.