Do i need to buy separate SSL certs for www and non-www ?

Posted May 30, 2017 18k views
DigitalOceanUbuntu 16.04

Let’s say I have a website named hosted here in DO. Currently, I am redirecting all www urls to non-www equivalent. So if a request comes at the server will redirect it to

Now I want to use SSL on my site. My question is do I have to buy separate SSL certs for www and non-www version of the domain ?

Thanks :)

  • Most certificate and hosting companies (DigitalOcean included) will cover and on the same certificate. In most cases, these are on the same server, with the same IP address. Guided by DNS configuration, the server distributes requests for

    Beware of your DNS configuration, especially with respect to mail servers. The world would like to see a one-to-one relationship in forward (name to IP) and reverse (IP to name) lookups. Somewhere in DNS is an SPF record that says host x.x.x.x has authority to send mail on behalf of

    Covering is another matter, requiring either a separate certificate or a wildcard certificate.

    I have a cPanel, CentOS7, VPS account. I cover my VPS server with a certificate; I use a certificate to cover http requests to aka

    I declare and in DNS. Technically, I should be able to declare and as servers. Occasionally, I run into trouble and now make sure to claim as my mail server.

  • Can anyone tell me if I have an wildcard certificate for my domain but if I want to purchase another wildcard for my webpage (Career page) then the previous wildcard would be revoked? or is it possible to have 2 different wildcard certificate for different pages of the website?

    Its urgent if some onecan guide me

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
5 answers

Hi @ozwiz

Most certificate providers will give you for free, when you buy

But you can get free signed certificates with Let’s Encrypt.
You can follow the tutorial depending if you’re using as web server.

by Mitchell Anicas
In this tutorial, we will show you how to use Let's Encrypt to obtain a free SSL certificate and use it with Nginx on Ubuntu 16.04. We will also show you how to automatically renew your SSL certificate. If you're running a different web server, simply follow your web server's documentation to learn how to use the certificate with your setup.
  • @ozwiz

    As a general note, Let’s Encrypt doesn’t support WilCard SSL Certificates and may not ever, so if you absolutely need a WildCard SSL Certificate, right now, the only way to obtain one is to buy them.

    With Let’s Encrypt, you’d pass in the domains using the -d flag, though you need to do it for each variation you need an SSL Certificate for.

  • @hansen Do godaddy provides www for free ? Just asking because their product description page doesn’t say anything about this.

    Moreover, I am hesitating to use Let’s Encrypt because I don’t know whether they are of equal worth as other paid options.

    • @ozwiz

      Unless you need special certificates like WildCard, EV, UCC or SAN, then Let’s Encrypt is exactly equal to the regular certificates.

      I put more trust in Let’s Encrypt than any of the current certificate providers - and they’re backed by some of the biggest companies in the world.

      Certificates are about trust and since Let’s Encrypt is based on open validation and everything is done by computers, then they are more trustworthy than Symantec, StartSSL and others that has lost the trust (and revoked from many browsers).

      Again, it’s free for you to test with Let’s Encrypt - if you don’t like it, you can revoke the certificate and buy a certificate.

      I cannot find any information on GoDaddy if www. is included in their cheapest certificate. You probably need to contact their support.

      On the domains where I needed WildCard, I’ve been using AlphaSSL, which I’ve bought via - they also sell regular certificates for less than $10.

      But as of this year, I’ve been using Let’s Encrypt primarily - and I cover about 80 domains with several sub-domains.
      If Let’s Encrypt goes belly up or has a major breakage, then I can just go and buy certificates.

      • @hansen

        Thanks for the detailed answer :)

        As you know, I am redirecting all my urls www urls to non-www equivalents. So, What If i only apply SSL to only non-www domain. Is that a problem ?

        One more thing, Is there any way to know which type of cert (DV, EV or standard etc) a site is using ?

        • @ozwiz
          It’s generally only a problem if your domain has a lot of history with www..
          Normally I would always recommend using a certificate that includes www. together with the root domain. Then your visitors won’t get a warning in case they add the www. before being redirected.

          • Okay, I’m thinking of trying Let’s encrypt. Will there be any problem if at a later date I revoke let’s encrypt or change SSL cert CA ?

          • @ozwiz Nope, no problems. I’ve moved to and from Let’s Encrypt on some domains. After replacing the certificate, I simply restarted the web server and that was it.

            We’ve reached the limit of comments in this thread, so if you have any further questions, simply create a new answer in the bottom and use the @ to notify me.

          • Thank you very much :)

        • @ozwiz

          EV = Extended Validation, which is what DigitalOcean uses - and most banks. It’s a long process of verifying that your business is actually real and the connection to you domain.

          DV = Domain Validation, or just a regular certificate, is what you can get from Let’s Encrypt for free or buy for $10 (or $70 at GoDaddy).

          You can check a certificate via and it’ll tell you a lot of details about a certificate.
          And you can use to find the history for any domain by looking the Certificate Transparency list, which every certificate provider is required to use (at least from this year and going forward).


No you can have SSL certificate for * or sometimes you might need to specify all the subdomains of your main domain for example you can have one SSL certificate for and for

Hope this helps.

the cost of wildcard ssl cert is very high. Is there any way to get the same behavior using standard SSL ?

  • If you’re worried about the cost of a certificate, I suspect all you need is Let’s Encrypt, which will give you free certificates to any domains you own. (They don’t do wildcard, but they’ll issue a certificate that covers multiple domains, or multiple certificates each covering a single domain).

    It won’t show the business name next to the lock on the address bar, but it will say secure.

You do not need to buy separate SSL certificates because Now Single domain validation (DV) SSL Certificate will secure the both www and non-www version of the domain name by default.

Generally, most of the well-known Certificate Authorities such as Comodo, RapidSSL, GeoTrust, Thawte, GlobalSign, etc.. issue a domain validation SSL certificate along with WWW and NON-WWW support feature.

If you get single DV SSL certificate from such authorities to protect non-www URLs, which is redirected from www URLs, there will be no issue, because if the CSR is generated for then it will automatically work for also.