diff --git a/dehydrated b/dehydrated
index 880190db..362c4265 100755
--- a/dehydrated
+++ b/dehydrated
@@ -1152,6 +1152,16 @@ command_sign_domains() {
 [ ${aliascount} -lt 1 ] && alias="${domain}" || alias="${alias#>}"
 export alias
+ if [[ -z "${morenames}" ]];then
+ echo "Processing ${domain}"
+ else
+ echo "Processing ${domain} with alternative names: ${morenames}"
+ fi
+
+ if [ "${alias:0:2}" = "*." ]; then
+ _exiterr "Please define a valid alias for your ${domain} wildcard-certificate. See domains.txt-documentation for more details."
+ fi
+
 local certdir="${CERTDIR}/${alias}"
 cert="${certdir}/cert.pem"
 chain="${certdir}/chain.pem"
@@ -1160,12 +1170,6 @@ command_sign_domains() {
 timestamp="$(date +%s)"
- if [[ -z "${morenames}" ]];then
- echo "Processing ${domain}"
- else
- echo "Processing ${domain} with alternative names: ${morenames}"
- fi
-
 # If there is no existing certificate directory => make it
 if [[ ! -e "${certdir}" ]]; then
 echo " + Creating new directory ${certdir} ..."
diff --git a/docs/domains_txt.md b/docs/domains_txt.md
index 26183e7d..db65d932 100644
--- a/docs/domains_txt.md
+++ b/docs/domains_txt.md
@@ -17,3 +17,6 @@ You can define an alias for your certificate which will (instead of the primary
 used as directory name under your certdir and for a per-certificate lookup.
 This allows multiple certificates with identical sets of domains but different
 configuration to exist.
+
+Certificates with a wildcard domain as first (or only) name require an alias to be set.
+Aliases can't start with `*.`.
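Review bot: The new guard `[ "${alias:0:2}" = "*." ]` in the first dehydrated hunk rejects only an alias that begins with `*.`, yet the value is joined straight into `certdir="${CERTDIR}/${alias}"` right after the added block, so an alias containing `/`, a leading `.` or a `*` in another position still becomes part of the path. domains.txt is normally operator-written, so this is hardening rather than a demonstrated hole, and validation elsewhere in command_sign_domains (its body starts and ends outside this hunk) may already cover it. If it does not, a broader check next to this one, for example `[[ "${alias}" == *[*/]* || "${alias}" == .* ]] && _exiterr "Invalid alias '${alias}' for ${domain}"`, would keep the certificate directory inside CERTDIR. A comment such as `# alias becomes a directory name under CERTDIR, so it is validated before certdir is built` above the check would record why it has to run before the `local certdir=` line.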