Rate this article: (16 votes, average: 3.25)
Do I need a different SSL certificate for WWW and without versions of my website?
Many customers ask us whether their SSL certificate covers both the WWW and non-WWW variations of their domain. All Comodo SSL certificates can secure both the WWW and non-WWW variations of your website. You don’t need a separate SSL for www and non www, although the specifics depend on which certificate type you have:
Per WWW standards, even though your website may be the deployed as “domain.com,” it will also deploy as “www.domain.com.”
There is some misinformation out there about this topic. After all, SSL is an encryption-based protocol that will only secure the domain it has been issued for.
Almost all CAs – including Comodo – can secure both WWW and non-WWW variations with a single certificate.
For single domain and wildcard certificates, both are covered automatically. When you generate your certificate signing request (CSR) for your WWW website, it will automatically cover the non-WWW variation as well. So if you generate a certificate for www.domain.com, it will also secure domain.com. The browser will show the protocol you’re using, HTTPS, at the front of each address, too. You have nothing to worry about.
For multi-domain and multi-domain wildcard certificates, you just need to add separate SANs (one for www and one for non-www).
You can find a selection of Comodo SSL certificates right here:
Tip: You can typically save a significant amount by buying your SSL certificate direct instead of through your web hosting company. We sell all Comodo SSL certificates at up to 75% off.
If your SSL certificate doesn’t work on both WWW and non-WWW variations, you have a couple options.
One of the easiest ways to get around this problem is to redirect your visitors from the non-WWW domain to the WWW version. Just use 301 redirects and you’ll be fine.
If you have a multi-domain certificate, you can add an additional SAN so both are covered.
Or, you could purchase a Wildcard certificate, which will protect all sub-domains (even WWW), and install that on your server. We really wouldn’t recommend using a Wildcard this way, though. It’s cheaper, and far easier, to just use a CA that allows you to secure both—like Comodo.