WWW and non-WWW Virtual host

Hello. Can you please explain one more time, since I am super confused.

Let’s Encrypt added mysite . com and www . mysite . com to the whitelist.

I created two certificates for both mysite . com and www . mysite . com.

I created two Virtual hosts for both mysite . com and www . mysite . com with different SSLCertificateFile, SSLCertificateKeyFile, SSLCertificateChainFile, and ServerName.

I use it for a Drupal website with these .htaccess settings:

RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} ^mysite\.com*
RewriteRule ^(.*)$ https://www.mysite.com/$1 [L,R=301]

Basically, I use only the www URL.

Am I right in this case?

If I check it (non-www URL) through ssllabs, it says:
Prefix handling - Not valid for “mysite” - CONFUSING

Or is it better/easier to have one Virtual host and add ServerAlias www . mysite . com? In this case, should I use the certificate for the www or the non-www version?

Thank you!

You can use multiple domains in one cert by making use of multiple 'Subject Alternative Names' in the X509v3 certificate.
As an example you could request one single certificate that is valid for multiple domains.

letsencrypt --agree-dev-preview -d mysite.tld -d www.mysite.tld -d sub.mysite.tld -d www.sub.mysite.tld --config /path/to/my/settings/file.ini certonly

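The ssllabs "Not valid for" result from the question and the multi-name certificate suggested in the answer above can both be checked locally with `openssl x509 -checkhost`. The script below is an added example, not part of the original posts: it builds two constructed self-signed test certificates for the thread's placeholder names and reports which hostnames each one covers. The helper names `make_cert`, `cert_covers` and `report` are hypothetical.

```shell
#!/bin/sh
# Added example: check which hostnames a certificate's SAN list covers.
# mysite.tld / www.mysite.tld are the placeholder names from the thread;
# the self-signed certificates generated here are constructed test data.

# make_cert OUT_PREFIX NAME [NAME...]: write OUT_PREFIX.pem and OUT_PREFIX.key
# with one DNS subjectAltName entry per NAME (first NAME is also the CN).
make_cert() {
    prefix=$1; shift
    sans=""
    for n in "$@"; do sans="${sans:+$sans,}DNS:$n"; done
    cat > "$prefix.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $1
[v3]
subjectAltName = $sans
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$prefix.cnf" -keyout "$prefix.key" -out "$prefix.pem" 2>/dev/null
}

# cert_covers CERT HOST: succeed only if HOST matches the certificate.
# openssl prints "does match" or "does NOT match"; we test the text,
# not openssl's exit status.
cert_covers() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# report CERT HOST...: print one result line per hostname.
report() {
    cert=$1; shift
    for h in "$@"; do
        if cert_covers "$cert" "$h"; then echo "$h: covered"
        else echo "$h: NOT covered"; fi
    done
}

workdir=$(mktemp -d)
make_cert "$workdir/www_only" www.mysite.tld
make_cert "$workdir/both" mysite.tld www.mysite.tld
echo "certificate with the www name only:"
report "$workdir/www_only.pem" mysite.tld www.mysite.tld
echo "certificate with both names as SANs:"
report "$workdir/both.pem" mysite.tld www.mysite.tld
```

To check a real certificate, call `report` with the path to the issued certificate file and every hostname the virtual host answers for.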

Good to know.

Will it work for subdomains which are not approved by LE yet?

Maybe it's just me, but it failed miserably whenever I tried more than 2 domains on the command line.

Only approved domains, and approved sub-domains will work.
You could fill in another form here to get more domains or subdomains whitelisted.


I got it.

Thank you.

Will try it now.

I checked the docs again, and it should work.

You can also call ./letsencrypt-auto --help to get some more info.

letsencrypt [SUBCOMMAND] [options] [-d domain] [-d domain] ...
