- You do not need another certificate for the www subdomain. You can just use SANs for this.
- On LEs own website this is how it is used. One certificate for
www.letsencrypt.organdletsencrypt.orgis used. This makes it possible that https://www.letsencrypt.org redirects to https://letsencrypt.org. - It is very common (and recommend) to use a cert with at least the
wwwsubdomain included as your default one, because there may always be users who type inhttps://www.<domain>.<TLD>and always users who only type inhttps://<domain>.<TLD>. (Note thathttps://sometimes does not have to be typed in) If you would not do so such users may get scary SSL errors and they do not know what they did wrong.
1 Like