I've got a wildcard SSL certificate for my public-facing site, and I'm running into issues when accessing the site without the 'www' subdomain. It works perfectly fine when I use www.contoso.com, but if I try just contoso.com, I get a security certificate error on some browsers like Edge and Safari, even though it loads the same public website as the www version. This issue only started happening in the past week and I'm curious if anyone knows why this is occurring. Any insights would be appreciated!
3 Answers
Make sure your website isn't running on different servers, as sometimes a cluster setup can lead to issues like this if not all servers have the latest certificate applied or redirect settings done correctly. Verify your configuration across all nodes.
You might also want to check if there are any certificate Subject Alternative Names (SANs) present or not. Since you mentioned it’s a wildcard cert, it typically wouldn't have SANs. The common error message about the connection not being private suggests a mismatch where the security certificate doesn't align with how you're trying to access the site. A wildcard certificate should usually cover both versions if configured correctly.
The error you're seeing happens because your wildcard certificate is only covering subdomains, so it encompasses things like *.contoso.com but not contoso.com itself. Essentially, you're trying to access the main domain which isn't included in your wildcard cert. To solve this, you'll need either to add a specific certificate for the root domain or adjust your SSL settings. Sometimes it helps to check if there's redirection configured from the non-www version to the www version as well, in case that’s not set up properly.
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures