Wildcard SSL - Sub-Domain Not working with www

Pretty new to using SSL’s so appreciate you patience. I just got a Wildcard SSL from zerossl.com and have applied to the domain in Godaddy’s cPanel. All looks good for the primary domain. However, when I add a subdomain such as tcsingles.mickells.com it doesn’t appear to work for https://www.tcsingles.mickells.com only for the “naked” URL version.

I’m certain its a simple fix I’m just not aware of yet. Does anyone have any suggestions?

My domain is: mickells.com

I ran this command: No command used

It produced this output: No output provided

My web server is (include version): Godaddy Hosting

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is: GoDaddy

I can login to a root shell on my machine (yes or no, or I don’t know): Not sure I can on GoDaddy hosting

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): Not sure exactly what is being asked for here. If asking if I use cpanel then yes. The version is 78.0.38.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Not currenty using certbot…would be nice though…using SSL from zerossl.com

1 Like

A wildcard (*) will only match a single ‘label’ in a domain, and you can only have one wildcard (as the very left label).

tcsingles.mickells.com is OK.

www.tcsingles.mickells.com is not OK, because the wildcard would have to cover both the www and the tcsingles - but it’s not allowed to do that.

In your case it might be easier to just create a certificate with all the names you actually need, rather than using a wildcard. Depends how many you have in total, though.

Running into this problem is fairly common, and the solutions are usually:

  • Don’t use a wildcard, or
  • ‘Flatten’ your domains so that the wildcard works. e.g. Don’t use the www. subdomain, just leave it at tcsingles.mickells.com.
3 Likes

That’s just how it works.

A certificate for *.example.com works for all third level domains under example.com.

But www.something.example.com is a fourth level domain under something.example.com and example.com.

2 Likes

okay, what both (@_az & @9peppe) of you makes since. Honestly I don’t really care about the “www” I just didn’t want someone to type that in and it not be secure. Would it be possible to just redirect the www. url to the one that is secured?

1 Like

With a redirect, it depends. As long as you never use “HSTS” (which automatically forces your browser to use HTTPS for any requests to your domain), you should be fine. And it doesn’t look like you have HSTS setup right now.

Personally, I’d just delete the 'www" subdomain from DNS, so it’s not even a question anymore.

3 Likes

Sounds like a solid plan. Thank you!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.