Www. requirement for auto renewal


#1

Hi all,
a (hopefully) quick clarification.

My blog utilises blog.companyname.com and is hosted with siteground.

Recently the Lets Encrypt cert did not renew, and when I contacted their support, they stated it was because I did not have “www.blog.companyname.com” - stating that the www was required.

www.blog.company.com is not in use, and have never been used by this site. As far I know, it has been successfully updating for 12 months+

I cannot see a requirement in the doco for www to be present - and it sounds a bit off.

Am I missing it in the doco? or is the support tech from siteground incorrect?


#2

Let’s Encrypt doesn’t require “www.” subdomains to exist. Certificates are issued for the exact list of names the client requests. The label “www” isn’t treated specially at all.

Some CAs automatically add “www” names to certificates – which is usually useful when you’re getting a certificate for “example.com”, and markedly less so when you’re getting a certificate for “blog.example.com” – but that’s never been Let’s Encrypt’s approach.

As an example, the certificate on this website contains only “community.letsencrypt.org”.

The software you or SiteGround are using might have further requirements, but they’re not coming from Let’s Encrypt.

There are other threads on this forum about SiteGround renewal issues – particularly this one – but I don’t think there’s much specific information.

Can you ask what they mean?


#3

Thanks for the reply - i ended up adding a “www.” just so i could move the issue along - but its nice to know - as it just sounded wrong - and didnt make sense.

i did ask for clarification, but he sent through vague documents (from siteground, not Lets Encrypt) which didnt back up what he claiming - and claimed they did. It was very trump-like.

Anyway, thanks for the reply - i will likely point to this thread in future when dealing with them.


#4

Hi @Verukins

additional:

There are sometimes users who add www. So if you have a domain name blog…, they don’t see the content.

In such cases it may be helpful to create

  • a dns entry www.blog … with the same A-record as blog…
  • one certificate with two names - www + non-www
  • two redirects http -> https (without changing the domain)
  • a redirect www.blog… -> blog…

That’s the standard solution with a domain. Same may be sometimes helpful if it is a subdomain.