Wildcard SSL certificate does not work with naked domain

I have deployed a wildcard certificate (Comodo PlatinumSSL) for *.example.com on Apache/Ubuntu 14.04. Everything works if the client visits https://www.example.com but https://example.com throws up this in Firefox:

example.com uses an invalid security certificate. 
The certificate is only valid for *.example.com 
(Error code: ssl_error_bad_cert_domain)

Extracts from the vhost file:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        SSLEngine on
        ServerName example.com
        ServerAlias www.example.com *.example.com
        DocumentRoot /var/www/html
        SSLCertificateFile      /etc/ssl/localcerts/example_com.cer
        SSLCertificateKeyFile /etc/ssl/localcerts/example_com.key
        SSLCertificateChainFile /etc/ssl/localcerts/example_com_interm.cer

How do I get both https://www.example.com and https://example.com to work without warnings?

Asked By: Kheldar Ambar


A wildcard matches a single left-most label. That is, *.example.com matches www.example.com but not example.com or sub.foo.example.com. This means you either need to get a certificate which includes *.example.com and example.com as subject alternative names or, if you just need www and the naked domain name, then you can get a cheaper certificate which only includes www.example.com and example.com.

Answered By: Steffen Ullrich
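
The matching rule described in the answer above, as an added example that is not part of the original answer: a simplified Python check of which hostnames a certificate's subject alternative names cover. The function names and the SAN lists are assumptions constructed for illustration; only a whole-label wildcard in the left-most position is handled.

```python
# Added example: simplified certificate-name matching for DNS names.
# The SAN lists below are constructed samples, not read from a real certificate.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one SAN dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never adds or removes labels, so the label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # "*" stands for exactly one non-empty left-most label.
        return h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    # No wildcard: every label must match exactly (case-insensitive).
    return p_labels == h_labels


def cert_covers(san_list, hostname):
    """True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(san, hostname) for san in san_list)


def uncovered(san_list, hostnames):
    """Hostnames that would produce a name-mismatch warning."""
    return [h for h in hostnames if not cert_covers(san_list, h)]


# Constructed SAN lists for the three certificate options discussed above.
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_PLUS_APEX = ["*.example.com", "example.com"]
WWW_PLUS_APEX = ["www.example.com", "example.com"]

# Names a client might request from the virtual host.
SITE_NAMES = ["www.example.com", "example.com", "sub.foo.example.com"]

if __name__ == "__main__":
    options = (
        ("wildcard only", WILDCARD_ONLY),
        ("wildcard + naked domain", WILDCARD_PLUS_APEX),
        ("www + naked domain", WWW_PLUS_APEX),
    )
    for label, sans in options:
        print(f"{label}: not covered -> {uncovered(sans, SITE_NAMES)}")
```
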

More information on certificates with and without the www domain can be found here.

This post has the same subject as your question and basically states that there is no work-around, other than buying a new certificate.

Answered By: NZD