cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

SSL non www and www

If I purchase a basic GoDaddy one website SSL domain ( https://uk.godaddy.com/web-security/ssl-certificate ) does it include https://www.domain.com and https://domain.com - most competitors seem to include this now, so wanted to see if GoDaddy does, or do I need two certs or a multi domain cert for this?

2 ACCEPTED SOLUTIONS

Accepted Solutions
Solution

Re: SSL non www and www

@RexRoamer,

 

In GoDaddy UCC SSL Certificates, for your primary domain, you get covered for both non-www and www domains with a single domain entry in certificate. I just verified that. However, if it is not your primary domain and just a SAN, you still need to spend two SANs to cover the main domain and the 'www' sub domain.

 

To be clear, your solution works if the user types the following two URLs:-

http://replace-with-your-URL.com

http://www.replace-with-your-URL.com

They both get redirected to: https://replace-with-your-URL.com as expected.

 

However it does not work when the user types https://www.replace-with-your-URL.com.

User does not get redirected to https://replace-with-your-URL.com. Instead he gets a security warning because www.replace-with-your-URL.com is not in the list of domains (SANs) covered by the certificate.

 

So in reality, yours is not a 'complete' solution either. To be 'complete', the user should be redirected to https 'non-www' URL when he types https 'www' URL (according to our expectation here). To make that happen, you still need to add both:-

replace-with-your-URL.com

www.replace-with-your-URL.com

to your list of domains in certificate consuming 2 SANs. Please correct me if I'm wrong. Otherwise, next time we buy SSL, we need to do more research and see if other providers do in fact cover both www and non-www within a single SAN of their UCC SSL Certificate.

 

And if they do, BAD GoDaddy!

View solution in original post

Solution

Re: SSL non www and www

A couple of years has passed since I first posted on this thread and there is still no obvious answer.

All I can suggest is get rid of the SSL with GoDaddy and get a free version from Let’sEncrypt.

Here is a great video tutorial for setting this up on GoDaddy CPanel:

https://youtu.be/GPcznB74GPs

View solution in original post

25 REPLIES 25
Moderator
Moderator

Re: SSL non www and www

Hey @easueue,

 

Welcome to the community! Smiley Happy

 

Never hurts to ask, but that's actually pretty standard with most SSL providers. So in short, yes our standard SSL will secure your requested domain and the 'www' sub. 

 

CG - GoDaddy | Community Moderator
24/7 support available at x.co/247support
New

Re: SSL non www and www

Hi I setup an ssl certificate with you guys and I pointed it to www.mydomain.com.  Its running on Azure and when people hit my site without the www they get an invalid certificate warning.  What do I put in the domain or host to protect to get both the root and www covered.  There is only one box for one entry am I supposed to use commas or semi-colons or is that not how it works.

 

Thanks

New

Re: SSL non www and www

if I change my common n ame from www to * do I have to reinstall the certificate on the server or will it still work because the domain didn't change 

Re: SSL non www and www

Good question!

 

I bought the UUC SSL up to 5 domains from GoDaddy and it seemed a bit overkill to use 2 "credits" on the 1 website.

 

I guess the wider question to the community is why do we not apply the certificate to one version, say https://testwebsite.com. Then set any user who accesses the https://www.testwebsite.com on a 301 redirect to the non www version?

New

Re: SSL non www and www

I'm have the same issue that @easueue is having and I'm being told that I need to purchase a UCC certificate to cover https://domain.com and https://www.domain.com.  If you could provide the steps or a link to correct the issue I think it would help.

Moderator
Moderator

Re: SSL non www and www

Hey @Mikeha

 

As I previously mentioned in this discussion, a standard SSL will secure both the root domain requested and the 'www'. You shouldn't need to buy a UCC certificate unless your 'domain.com' is going to be for two completely different domains. 

 

CG - GoDaddy | Community Moderator
24/7 support available at x.co/247support

Re: SSL non www and www

So if this is the case and we don't have to use 2 of our SSL UCC's on one domain with the www and without the www then what is the solution to this issue? It seems that I'm not the only one with this issue. I have called technical support and they aren't a lot of help. They just point me to the GoDaddy article that tells me how to redirect HTTP to HTTPS. This isn't my issue and doesn't solve my issue.

 

My issue is when someone goes to https://domain.com they hit a secure site but when they go to https://www.domain.com or www.domain.com they get "The hostname in the website’s security certificate differs from the website you are trying to visit. " on IE and invalid cert on other browsers.

 

Do I just add "Subject Alternate Name" for both www.domain.com and domain.com and it will only use one of my Subject Alternate Name's? or do I add www.domain.com only to my Subject Alternate Name's and it covers both.

 

Please help... This is killing me.

New

Re: SSL non www and www

Same issue here. Although, I haven't had the issue in the past. Just installed a new standard cert and www is not covered. 

Re: SSL non www and www

I am using website builder 7 to create my site and have been told that an SSL cert can be installed, but I have the same question ... will it cover both www and non www?  On a previous site only one was covered by the cert.  I don't think there is a place to do redirects with website builder, at least that's what I've been told, so I definitely need to cover both types of the domain.

New

Re: SSL non www and www

Hi stikker,

 

Were you able to resolve this issue? I have a similar issue, cannot figure out.

 

Thanks,

KP

Re: SSL non www and www

No luck, I had to waste a second SSL on the same site. Feeling like this shouldn't have to be the case. 

Re: SSL non www and www

Same here. I bought 5 certs for 5 sites and it's only half covered--either www or non-www. I've been on the phone with technical support for days and they want to charge money to help.

Moderator
Moderator

Re: SSL non www and www

Hi @insidenm, thanks for posting.

The WWW and non-WWW version of domains is only included on Standard Certificates. If you purchased a UCC SSL, then only the exact domains will be secured. A UCC is not 5 separate certificates. It is 1 certificate that can cover 5 common name. Since you choose what 5 domains or subdomains are included, the WWW version is not automatically included.

^Gary

Gary - GoDaddy | Community Moderator
24/7 Support | Check System Status

Re: SSL non www and www

Yeah! Nice to know after you purchase a year's worth. The people selling the products should be explaining this when making the sale. It should also be noted on the product information page. Not much you can do once the purchase is made. It's not like there is an option to upgrade to 15 or 20 common names as required. I don't even think the people selling the stuff know the difference. Technical support certainly doesn't. It took multiple calls to support that I was getting non-secure page warnings before I figured it out myself.

 

Just suggesting that you share this information in advance so you don't put your customers in a position where they can't do anything to fix it until it's time to upgrade.

Re: SSL non www and www

I am having your exact issue - www addresses NOT directing to HTTPS.

 

Has ANYONE figure out the proper code/rules for the htaccess file to fix this? I have been on the phone with GoDaddy for past several days. They broke five of my sites (which were down without my knowledge for days) when they installed my SSL incorrectly. Now, I'm not even getting secure protection on the site I BOUGHT it for - and all they do is send me a StackFlow article because none of their "support" staff can tell me the simple line of code to fix the www non-redirect issue.

 

Please. Anyone figured this out...? If not, I'm seriously just done. Cancelling SSL and going to a hosting company that gives a sh*t.

Re: SSL non www and www

Just an FYI, I finally have the HTACCESS code needed to redirect my SSL site to its HTTPS address - both with and without the "www" prefix.

 

The answer can be found within this discussion: https://www.godaddy.com/community/SSL-And-Security/Has-anyone-yet-figured-out-the-SSL-redirect-for-q...

 

Here's hoping this offers others the relief it has given me.

Solution

Re: SSL non www and www

@RexRoamer,

 

In GoDaddy UCC SSL Certificates, for your primary domain, you get covered for both non-www and www domains with a single domain entry in certificate. I just verified that. However, if it is not your primary domain and just a SAN, you still need to spend two SANs to cover the main domain and the 'www' sub domain.

 

To be clear, your solution works if the user types the following two URLs:-

http://replace-with-your-URL.com

http://www.replace-with-your-URL.com

They both get redirected to: https://replace-with-your-URL.com as expected.

 

However it does not work when the user types https://www.replace-with-your-URL.com.

User does not get redirected to https://replace-with-your-URL.com. Instead he gets a security warning because www.replace-with-your-URL.com is not in the list of domains (SANs) covered by the certificate.

 

So in reality, yours is not a 'complete' solution either. To be 'complete', the user should be redirected to https 'non-www' URL when he types https 'www' URL (according to our expectation here). To make that happen, you still need to add both:-

replace-with-your-URL.com

www.replace-with-your-URL.com

to your list of domains in certificate consuming 2 SANs. Please correct me if I'm wrong. Otherwise, next time we buy SSL, we need to do more research and see if other providers do in fact cover both www and non-www within a single SAN of their UCC SSL Certificate.

 

And if they do, BAD GoDaddy!

View solution in original post

Re: SSL non www and www

I appreciate your info, but the solution I've posted works for MY problem. That's why I was very specific in describing my problem when I posted the solution.

 

But, I'm sure your info will help others with the problem YOU describe - and that's a good thing!

New

Re: SSL non www and www

@stkikkerso you ended up assigning 2 certificates per domain?


We just purchased 2 years worth of *Multiple 5 website* plan.

Our domain.com is now properly set with  https://domain.com as we've setup for primary in our site setup.
Our www.domain.com  and  http://www.domain.com are redirecting properly to https://domain.com 

however  https://www.domain.com  still produces "Your connection is not secure" gray page in Safari & Firefox.  Chrome is the only place the latter redirects and works as we hoped.

Re: SSL non www and www

I totally agree, all the salesmen need to be educated on how to sell SSL so we the customers arent left with a half ass install 

Solution

Re: SSL non www and www

A couple of years has passed since I first posted on this thread and there is still no obvious answer.

All I can suggest is get rid of the SSL with GoDaddy and get a free version from Let’sEncrypt.

Here is a great video tutorial for setting this up on GoDaddy CPanel:

https://youtu.be/GPcznB74GPs

View solution in original post

Re: SSL non www and www

Did you try the proper HTACCESS code I pasted in another thread...? Here it is again, just in case you didn't see it:

Here is the PROPER code for my site. It is literally the entire HTACCES file required to redirect my SSL site to its secure/HTTPS address. It works for BOTH the "www" and "non-www" URL of my site:

 

# BEGIN SSL
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?replace-with-your-URL\.com$ [NC]
RewriteRule ^$ https://replace-with-your-URL.com$1 [R,L]
# END SSL 

 

On my sites, this sends both "www" and non-"www" versions of my URL to my secure site.

Re: SSL non www and www

 

This is correct yet unfortunate. I had to register both www and non-www to get the entire setup a normal SSL would provide. It's still cheaper then going that route but not by much.

Re: SSL non www and www

.htaccess redirect www to non-www with SSL/HTTPS
I've got several domains operating under a single .htaccess file, each secured via SSL. I need to force https on every domain while also ensuring www's redirect to non-www's. Here's what I'm using which doesn't work:

RewriteCond %{HTTP_HOST} ^www.%{HTTP_HOST}
RewriteRule ^.*$ https://%{HTTP_HOST}%{REQUEST_URI}/$1 [R=301,L]

Example: https://www.itsmarttricks.com/

should redirect to...  https://itsmarttricks.com

New

Re: SSL non www and www

Go for lets encrypt, however it must be renewed every three months.

 

I am setting up lets encrypt SSL on my Windows Shared hosting with Plesk