Using www and non‑www Domains with an SSL Certificate

When you install an SSL certificate, it’s important to ensure that it works for both versions of your domain:

• https://example.com (non‑www)

• https://www.example.com (www)

If only one version is covered, visitors may see browser security warnings when accessing the other.

Why This Matters

• Many SSL certificates are issued for a single domain (e.g., www.example.com).

• Visitors who type example.com without the www prefix may encounter errors if the certificate doesn’t cover both.

• Ensuring both versions are secured improves trust and avoids confusion.

Solutions

1. Order a Certificate Covering Both Versions

• When generating your CSR (Certificate Signing Request), include both example.com and www.example.com.

• Many providers issue certificates that automatically cover both.

2. Use a Wildcard SSL Certificate

• A Wildcard SSL secures all subdomains of a domain.

• Example: *.example.com covers www.example.com, mail.example.com, etc.

• Note: Wildcards do not cover the root domain (example.com) unless explicitly included.

3. Redirect Traffic with .htaccess (Apache/LiteSpeed)

If your certificate only covers one version, redirect visitors to the secured version:

Apache

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

 This ensures all traffic is redirected to the www version with SSL enabled【edge_current_page_context†source】.

4. Configure in cPanel/WHM

• In cPanel → Domains, enable Force HTTPS Redirect for both www and non‑www versions.

• In WHM, configure Apache to handle both hostnames under the same SSL certificate.