Www on subdomain "Not secured"

I added a wildcard certificate to rajnarayanan.com via the Plesk panel. But, the Plesk SSL Certificate page for weatherapp.rajnarayanan.com says that "www" is not secured. When I visit weatherapp.rajnarayanan.com, it works fine and shows the padlock icon. But going to www.weatherapp.rajnarayanan.com shows a page that says "DNS_PROBE_FINISHED_NXDOMAIN" with the "This site can’t be reached" error message.

How can I secure "www" for the subdomain with a wildcard certificate? Some users may go to www.weatherapp.rajnarayanan.com and get this error message.

Information online on this issue with Let's Encrypt is very confusing. I also removed the www DNS A record in my DNS records, but I still get the same error message. Thanks for your help in advance.

1 Like

[basic steps for every site]
Step #1: DNS - make sure that FQDN resolves to the required IP(s).
Step #2: Hosting - make sure the name(s) can be served by the web server
Step #3: TLS - make sure to get a cert that covers all names

In your case, you already have a TLS wildcard cert that (you might presume) covers both names.
So, I'd focus on steps 1 & 2 [in that order]

But it is highly likely that your cert doesn't cover both names, and you will need to replace it with one that does.
Note:
A wildcard cert for *.example.com (with only 2 dots) will NOT cover names with more than 2 dots.
Like: www.site.example.com
[this has 3 dots and needs a wildcard cert *.site.example.com OR an explicit FQDN in the cert SAN]

4 Likes

Actually, I just added a www.weatherapp (www.weatherapp.rajnarayanan.com) A record in the DNS settings and the SSL certificate was able to protect the www subdomain.

I beg to differ:
SSL Server Test: www.weatherapp.rajnarayanan.com (Powered by Qualys SSL Labs)

4 Likes

But Plesk says the www subdomain is protected.

But the Internet shows otherwise.
Who do you believe?

It can't be protected by the "smaller" wildcard certificate.
I already explained why.

3 Likes

Ok. I believe you. But, the important thing is when a user navigates to www.weatherapp.rajnarayanan.com, they are automatically redirected to weatherapp.rajnarayanan.com which is what I wanted to accomplish. So, I'm happy unless this may not be the most ideal solution.

There are four cases that must all be covered correctly for things to work in all cases:

  1. http://www.weatherapp.rajnarayanan.com/
    As per your post, this one should redirect to:
    http://weatherapp.rajnarayanan.com/

  2. http://weatherapp.rajnarayanan.com/
    Presumably would be redirected to HTTPS:
    https://weatherapp.rajnarayanan.com/

  3. https://www.weatherapp.rajnarayanan.com/
    As per your post, this one should redirect to:
    https://weatherapp.rajnarayanan.com/
    But before it can, it must satisfy the secure request - which requires a cert covering its' name.

  4. https://weatherapp.rajnarayanan.com/
    This is where you want all clients to end up at.

Not all cases have been covered [yet].
#1, #2, #4 work
#3 fails

4 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.