Previously, whenever you would alias a deployment to a custom domain…
now alias <deployment> my.custom.domain.com
… we would instantly issue a certificate on your behalf for my.custom.domain.com.
Starting today, if your domain is configured to use the ZEIT World DNS, we will issue a certificate for *.custom.domain.com automatically instead.
If you run now alias we automatically create your wildcard cert
This means now alias gets faster for subsequent subdomains you add, since we
no longer need to create new certificates on-demand. Our CLI and load balancers have been
upgraded to look for the wildcard certificate when a specific certificate doesn't match.
Notably, this is completely backwards compatible. The next time you run now alias we'll
attempt to generate a wildcard certificate and re-use it for subsequent invocations.
Aside from a much faster now alias process, this also opens up very interesting new possibilities.
As an example, you can have your CI / CD processes alias commit identifiers from
source control (like Git) to staging domains. You can dynamically deploy a commit
(e3cd2b1) and instantly alias it (e3cd2b1.staging.mydomain.com) with
no additional latency.
Before, when one of your users would go to a subdomain that didn't exist, they would get an SSL error. This is because by default we configure a wildcard DNS CNAME record so that *.mydomain.com goes to our load balancers (alias.zeit.co).
Thanks to wildcard certificates, we now render proper 404 pages and
clients can process the HTTP response with its status code.
We have bumped our /now/certs API endpoint to v3, with the following improvements:
The Common Name field now accepts wildcard domains
Whenever a domain is renewed, we don't replace the previous certificate. We always issue new ones, and our load balancers intelligently pick.
Deletion no longer works based on domain name, since a domain can actually be present in multiple certificates. Instead, you delete by supplying the certificate id. In the future, we plan to empower you to define what certificate is preferred for a certain domain or subdomain.