From a3a25608dde5b5a143f67485d6986acf494642fd Mon Sep 17 00:00:00 2001
From: Matt Sartwell <mesartwell@gmail.com>
Date: Fri, 30 Jan 2026 12:21:10 -0800
Subject: [PATCH] Clarify Pangolin docs for wildcard certificates

- add illustrative config.yml snippet
- extend highlight to capture relevant traefik line
- clarify pangolin dashboard is inaccessible at step 3 in the process
---
 self-host/advanced/wild-card-domains.mdx | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/self-host/advanced/wild-card-domains.mdx b/self-host/advanced/wild-card-domains.mdx
index 5b02888..b1825eb 100644
--- a/self-host/advanced/wild-card-domains.mdx
+++ b/self-host/advanced/wild-card-domains.mdx
@@ -61,7 +61,14 @@ The [rate limits](https://letsencrypt.org/docs/rate-limits/) for Let's Encrypt a
 </Step>
 
 <Step title="Configure Pangolin">
-  Set the `prefer_wildcard_cert` flag to `true` in the Pangolin configuration file for your domain. Or update it on the Domains page in the Pangolin dashboard.
+  Set the `prefer_wildcard_cert` flag to `true` in the Pangolin configuration file for your domain. This is also configurable in the Pangolin dashboard (once restarted).
+
+```yaml title="config.yml" highlight={4}
+  domains:
+    domain1:
+        base_domain: "example.com"
+        prefer_wildcard_cert: true
+  ```
 </Step>
 </Steps>
 
@@ -130,7 +137,7 @@ This is the default config generated by the installer. This is shown here for re
 <Step title="2. Add Wildcard Domains">
   Add the domain and wildcard domain to the domains section of the next (front end) router in the dynamic config. This tells Traefik to generate a wildcard certificate for the base domain and all subdomains.
 
-  ```yaml title="dynamic_config.yml" highlight={9-12}
+  ```yaml title="dynamic_config.yml" highlight={8-12}
   next-router:
     rule: "Host(`pangolin.example.com`) && !PathPrefix(`/api/v1`)"
     service: next-service