Ssl not working with leading www on subdomain.. is this also a limit?

Apexworld · July 31, 2016, 8:03am

Hi, just wanted to confirm if lets encrypt ssl works on subdomain with leading www.
For eg. DOMAIN : example.com - both https://www.example.com and https://example.com works and working on my domain.

For eg. Subdomain: test.example.com - https://www.test.example.com doesnot work while https://test.example.com is working fine

Does it mean lets encrypt doesnt work on subdomain with leading www.?

My hosting provider Ventraip Australia, told me that lets encrypt doesnt not work on subdomain with leading www. But i m not conviced so i want to ask this to you guys if its true or my hosting provider just dont want the hassel.

I m on a whm multi hosting plans with ssh access and i can git install manually too. But i dint installed by myself since ventraip do provide one click lets enscrypt method. I choosed to use it… so my question is, is it true that lets encrypt doesnt work in subdomain with leading www.?

Thanks in advance

BhupenT

Apexworld · July 31, 2016, 8:14am

Working i mean is “shows the lock icon in browsers” and not working meaning, it shows me “the insecure page error pop up in browsers”.

kkp · July 31, 2016, 8:35am

The LE certificates will ‘work’ for the names in the certificate, and www is just letters like anything else.
Therefore, what you want is a certificate that is valid for (at least) two strings.
Here is what is in my renewal script:

letsencrypt-auto certonly --text --agree-tos --email user@example.com --webroot --webroot-path $WWWR -d cm.example.com -d nl.example.com -d www.cm.example.com

I now have 3 strings in the certificate:

cm.example.com
nl.example.com
www.cm.example.com <== this one I just added.

It works as it should (the browser is happy), so the statement you wrote Ventraip gave you is false.
Maybe if they are generating certificates on your behalf their generation script is broken, but as far as LE is concerned, www.cm.example.com is just a sub-sub domain, and as long as I can prove control (and do not get randomly blacklisted), I can get a cert with that string in it.

Tested working 5 minutes ago.

system · August 30, 2016, 8:35am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.