I am trying to get an SSL certificate for my domain with and without www.
On the InfinityFree website it says:
“Some certificates vendors also make it possible to issue certificates for “www.example.com” without including “example.com” as well (and vice versa). Please ensure your SSL certificates includes both the www and non-www versions of your domain name.”
I purchased my SSL certificate at Comodosslstore.com. In my InfinityFree CPanel menu under the SSL/TLS heading, it only lists my domain without the www. Therefore, when I enter my CSR at Comodosslstore.com, my domain does not have the www listed, and the domain field is grayed out and cannot be edited. Comodosslstore.com says you need to provide your domain with the www in order to get both to have the SSL certificate. How can I do this?
Here’s the information from Comodosslstore.com:
“To secure both www and non-www URLs, the sub-domain needs to be to the immediate left of the root domain (i.e. www.name-of-site.com). It will NOT work if there are two levels of sub-domains (i.e. www.mail.name-of-site.com).”
I suppose that paragraph can be removed from the article now. Most SSL vendors include the WWW subdomain by default. Historically, StartSSL didn’t do that (and they were popular), but they are gone now.
If you’re purchasing a regular, single domain certificate, it’s probably OK. If you want to be sure, you can take the generated certificate text after the certificate has been issued and plug it into a tool like this one: Certificate Decoder - Decode certificates to view their contents
Don’t worry about sharing the certificate, the SSL certificates are always public (the private key, as the name suggests, is the only thing which needs to be kept private).
@Admin said:
I suppose that paragraph can be removed from the article now. Most SSL vendors include the WWW subdomain by default. Historically, StartSSL didn’t do that (and they were popular), but they are gone now.
If you’re purchasing a regular, single domain certificate, it’s probably OK. If you want to be sure, you can take the generated certificate text after the certificate has been issued and plug it into a tool like this one: Certificate Decoder - Decode certificates to view their contents
Don’t worry about sharing the certificate, the SSL certificates are always public (the private key, as the name suggests, is the only thing which needs to be kept private).
You are correct. I installed my certificate, and even though my domain name did not have the www subdomain listed, it is working. So both the www and non-www are working now. Thank you.