Need to confirm HTTP validation challenge using www

My current certificate provider fails the HTTP challenge because they only check the domain root and cannot check https://www.(domainname).com for the file; they ONLY check http://(domainname).com.
Some users have www. in their posts, and no one seems to say that it's invalid. But before I switch to Let's Encrypt I need to know if this works.

Sorry if this is a stupid question.

Hi @barry_at_uplifter,

Let me restate your question to make sure I’m understanding correctly. You have a domain and you want to get a certificate for only and have the CA validate ownership of that domain by only sending an HTTP challenge request to a path on

If my understanding is correct this will work with Let’s Encrypt.

If you wanted a certificate for both and then Let’s Encrypt will send a challenge request for both domains which it sounds like may cause you the trouble you’re trying to avoid.

In general Let’s Encrypt makes you demonstrate control of all of the domains you want the certificate to cover. If you aren’t able to do that for some domains you will have to fix the problem that prevents it, or omit them from the certificate (in which case users that see that certificate for the omitted domain name will get an error about a hostname mismatch).

Hope that helps,

OK, that sounds right.
The certificates are for and the apex records redirect to www at the DNS.

Like I said, current issuer says they will ONLY check and ignore even though the certificate is for



Understood. Then it sounds like you'll be happier with Let's Encrypt :)

However, if you can’t post things at itself, you won’t be able to get a Let’s Encrypt certificate that covers without the www (but maybe that’s OK for you).

Basically, Let’s Encrypt lets you get certificates that cover any domain name or subdomain, as long as you can prove your control of that exact name. If you can affect, you can get a certificate that covers that; if you can affect, you can get a certificate that covers that. If you can affect, you can get a certificate that covers that.

With Let’s Encrypt, the registrant of can prevent issuance for subdomains by blacklisting issuance, for example with the CAA policy mechanism, but currently cannot cause or request issuance for subdomains merely by proving control of at the top level.
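The two rules from the replies above, as an added example that is not part of the original thread: every requested name is validated on its own over plain HTTP, and a CAA record on a parent name can block issuance for its subdomains. It runs over constructed records under example.com with no DNS lookups, uses a simplified RFC 8659 lookup (no CNAME handling, no issuewild), and all function names are hypothetical.

```python
# Added example: per-name HTTP-01 URL and CAA check over a constructed zone.
LETSENCRYPT = "letsencrypt.org"  # Let's Encrypt's CAA issuer domain name

# Constructed sample data: name -> list of (tag, value) CAA records.
ZONE = {
    "example.com": [("issue", "letsencrypt.org")],
    "locked.example.com": [("issue", ";")],  # empty issuer: nobody may issue
    "other.example.com": [("issue", "ca.example.net"),
                          ("iodef", "mailto:sec@example.com")],
}

def relevant_caa(name, zone):
    """Climb from name towards the root; the first non-empty CAA set wins."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        records = zone.get(candidate)
        if records:
            return candidate, records
    return None, []

def issuer_of(value):
    """Issuer domain name from an issue value, dropping parameters after ';'."""
    return value.split(";", 1)[0].strip().lower()

def may_issue(name, zone, ca=LETSENCRYPT):
    """True if CAA allows `ca` to issue a non-wildcard certificate for name."""
    _, records = relevant_caa(name, zone)
    issue_values = [v for tag, v in records if tag.lower() == "issue"]
    if not issue_values:
        return True  # no CAA set, or no issue property: not restricted
    return any(issuer_of(v) == ca for v in issue_values)

def http01_url(name, token):
    """HTTP-01 (RFC 8555) is fetched over plain HTTP on the exact name."""
    return f"http://{name}/.well-known/acme-challenge/{token}"

def plan(names, zone, token="TOKEN-PLACEHOLDER"):
    """Per requested name: (CAA permits issuance, URL the CA will request)."""
    return {n: (may_issue(n, zone), http01_url(n, token)) for n in names}
```

A certificate request that lists both the apex and the www name produces two entries from `plan`, and each URL has to answer on its own name.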
