Wildcard SSL - Sub-Domain Not working with www

mmickells · March 5, 2020, 7:36pm

Pretty new to using SSL’s so appreciate you patience. I just got a Wildcard SSL from zerossl.com and have applied to the domain in Godaddy’s cPanel. All looks good for the primary domain. However, when I add a subdomain such as tcsingles.mickells.com it doesn’t appear to work for https://www.tcsingles.mickells.com only for the “naked” URL version.

I’m certain its a simple fix I’m just not aware of yet. Does anyone have any suggestions?

My domain is: mickells.com

I ran this command: No command used

It produced this output: No output provided

My web server is (include version): Godaddy Hosting

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): Not sure I can on GoDaddy hosting

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Not sure exactly what is being asked for here. If asking if I use cpanel then yes. The version is 78.0.38.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Not currenty using certbot…would be nice though…using SSL from zerossl.com

_az · March 5, 2020, 7:48pm

A wildcard (*) will only match a single ‘label’ in a domain, and you can only have one wildcard (as the very left label).

tcsingles.mickells.com is OK.

www.tcsingles.mickells.com is not OK, because the wildcard would have to cover both the www and the tcsingles - but it’s not allowed to do that.

In your case it might be easier to just create a certificate with all the names you actually need, rather than using a wildcard. Depends how many you have in total, though.

Running into this problem is fairly common, and the solutions are usually:

Don’t use a wildcard, or
‘Flatten’ your domains so that the wildcard works. e.g. Don’t use the www. subdomain, just leave it at tcsingles.mickells.com.

9peppe · March 5, 2020, 7:49pm

That's just how it works.

A certificate for *.example.com works for all third level domains under example.com.

But www.something.example.com is a fourth level domain under something.example.com and example.com.

mmickells · March 5, 2020, 7:56pm

okay, what both (@_az & @9peppe) of you makes since. Honestly I don’t really care about the “www” I just didn’t want someone to type that in and it not be secure. Would it be possible to just redirect the www. url to the one that is secured?

_az · March 5, 2020, 8:00pm

With a redirect, it depends. As long as you never use “HSTS” (which automatically forces your browser to use HTTPS for any requests to your domain), you should be fine. And it doesn’t look like you have HSTS setup right now.

Personally, I’d just delete the 'www" subdomain from DNS, so it’s not even a question anymore.

mmickells · March 5, 2020, 8:10pm

Sounds like a solid plan. Thank you!

system · April 4, 2020, 8:10pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.