I have a domain that I run with SSL. I purchased a certificate for thedomain.com. Note that it does not apply to www.thedomain.com at all and I think that might be where my issue lies. My goal is that my visitors arrive at https://thedomain.com, without a www. There are four cases to cover:

 1. http://www.thedomain.com - Redirected in namecheap to https://thedomain.com
 2. http://thedomain.com - Redirected by server code
 3. https://thedomain.com - No redirect necessary
 4. https://www.thedomain.com - The problem case, read below

In that last case my www redirect does not seem to be working at all. I'm not sure why that is. Do I need to buy a second cert for www? Is there a way to set up my DNS to get it to simply redirect? I don't care to have my users come in on www at all, but I do need to redirect those people that manually type in the www address.

My host record is set up as follows:

Host  Redirect to             Record type
@     173.248.130.23          A (Address)
www   https://thedomain.com   URL Redirect (301)
JPRO

2 Answers


Think about how this is happening.

The client requests https://www.example.com. It attempts to initiate the TLS session with the web server. It sees that there is no valid cert for that domain. It errors out before any redirect can happen.

You're going to need to either add a SAN to the additional cert for www.example.com, or you'll need another single-name cert for www.example.com.

MDMarra
  • Was afraid you'd say that, but I wanted confirmation before dropping money on a second cert. Might have to try it. – JPRO May 19 '13 at 00:09
  • I have a client that uses a multi-domain certificate for this purpose. Depending on the vendor, once you get more than 4-5 domains, the multi-domain can save money and is easier to manage. – jeffatrackaid May 20 '13 at 17:56

Some certificate authorities provide what's called a wildcard certificate. I think you're looking for the features provided by that.

For example on the digicert website you can see this type of certificate:

I believe this is what MDMarra was also referring to. Wildcard certificates make use of SANs (Subject Alternative Names).

There's an explanation of SANs here on the digicert site as well:

slm
  • There's no need for a wildcard cert for this. They're way more costly than getting a normal cert with a single SAN. In this case, the common name would be `example.com` and the single SAN would be `www.example.com`. If he really only needs `example.com` and `www.example.com` then a wildcard is a waste of money. – MDMarra May 19 '13 at 01:19
  • Not only that, but `*.example.com` doesn't match `example.com` (though many wildcard certs have an example.com SAN added to them). – DerfK May 19 '13 at 01:53
  • My experience has been that the *.example.com has the example.com SAN added. I wasn't aware that that might not always be the case. – slm May 19 '13 at 02:05
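
The name check that the answers and comments above describe, as an added example (not code from any poster on this page): a simplified matcher in the style of RFC 6125 showing which hostnames each kind of certificate validates for, and therefore where the TLS handshake fails before any redirect can be sent. The certificate name lists are constructed, and the matcher assumes clients compare against the certificate's dNSName SAN entries.

```python
# Added example: simplified certificate name matching (RFC 6125 style).
# The certificate name lists below are constructed for illustration.

def name_matches(pattern, hostname):
    """Return True if one certificate dNSName entry covers hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands in for exactly one label, so label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Only a whole left-most label may be a wildcard, and it needs
        # at least two fixed labels after it (no "*.com").
        if len(p_labels) < 3 or not h_labels[0]:
            return False
        return p_labels[1:] == h_labels[1:]
    # Partial or non-left-most wildcards are rejected by this matcher.
    if any("*" in label for label in p_labels):
        return False
    return p_labels == h_labels


def cert_covers(san_names, hostname):
    """A client accepts the certificate only if some SAN entry matches."""
    return any(name_matches(name, hostname) for name in san_names)


# Constructed certificates: each list holds the dNSName SAN entries.
CERTS = {
    "single-name": ["example.com"],
    "name + www SAN": ["example.com", "www.example.com"],
    "bare wildcard": ["*.example.com"],
    "wildcard + apex SAN": ["*.example.com", "example.com"],
}


def coverage_report(hosts=("example.com", "www.example.com")):
    """Map each constructed certificate to the hosts it validates for."""
    return {label: [h for h in hosts if cert_covers(sans, h)]
            for label, sans in CERTS.items()}


if __name__ == "__main__":
    for label, hosts in coverage_report().items():
        print(f"{label:22} -> {hosts}")
```

To see which names a deployed certificate actually carries, `openssl x509 -noout -text` on the certificate file lists them under "X509v3 Subject Alternative Name".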