Does wildcard certificate support wildcards with www?


Hi, I was happy to hear letsencrypt had wildcard certificate support. Spent 2 days dealing with it and at the end appeared it’s not quite true. I’m searching solution for this problem but can not find any.
I hope I’m wrong and I have some mistake, otherwise this wildcard certificate is useless.

Wildcard certificate works for:
but not for:

here is the command that I used to create certificate:
./ --renew --dns dns_gcloud -d -d ‘*’

Thanks in advance


That’s correct; * does not apply to Wildcards apply to exactly 1 label, not 0 or 2.

It’s not up to Let’s Encrypt, and it’s not controlled by the certificate; it’s how clients work.


Thanks for reply. It means I’m missing something.
How can I prevent people from visiting their pages with www?


You can’t. :slightly_frowning_face:

Many sites don’t try to. doesn’t exist, for example!

Your only other option is to list all the subdomains individually in your certificates.


Thanks anyway for fast support, I’ll try to issue a certificate for each newly created page. I think it will work and also will be more secure.


If there are no links anywhere to, then when a user types in “” in the address bar and presses enter, it should try
[for which you don’t need a certificate]

You can simply add an http block to catch that specific URL and redirect it (properly) to:
which then redirect to https://

[you can create a catch-all http block and redirect all http to https - but will need additional individual blocks to remove the www]
[or if you are real clever, you can create one redirection block than can remove the www from any URL]


That’s a neat suggestion, @rg305—and it’s an interesting possible disadvantage to using includeSubdomains in HSTS (!).


Interesting idea, but too late.

I have sometimes the problem:

Terrible, a new user, big bug

What happens: Every customer has a subdomain, the new user types www.subdomain..., no DNS entry is defined -> panic.

But I don’t want to create a www certificate (some customers are invisible).

And I use preload, so this wouldn’t work.

closed #9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.