Knowledge Base

How to use www and non-www domains with an SSL certificate

This article demonstrates how to configure your web site to use SSL even if visitors do not specify the www subdomain.

This article assumes that you already have a valid, functioning SSL certificate on your web site.

Using www and non-www domains with an SSL certificate

Many third-party SSL certificates are only valid for one specific domain. For this reason, web site owners often set up an SSL certificate for the www subdomain (for example, www.example.com). However, this means that visitors to the site may receive a security warning if they go to example.com without the www prefix.

Clearly, you want visitors to be able to use an SSL connection whether they visit example.com or www.example.com. To enable this functionality, you can use Apache rewrite rules in a custom .htaccess file.

The following lines demonstrate how to redirect visitors who enter a domain name without the www prefix to a secure connection. With these settings enabled on your web site, visitors who go to example.com or www.example.com (where example.com represents your domain) both obtain an SSL connection:

RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]