How to use www and non-www domains with an SSL certificate

This article demonstrates how to configure your web site to use SSL even if visitors do not specify the www subdomain. This article applies to Linux servers using Apache or Apache compatible web servers. For Windows servers see this article.

This article assumes that you already have a valid, functioning SSL certificate on your web site.

Using www and non-www domains with an SSL certificate

Many third-party SSL certificates are only valid for one specific domain. For this reason, web site owners often set up an SSL certificate for the www subdomain (for example, www.example.com). However, this means that visitors to the site may receive a security warning if they go to example.com without the www prefix.

Clearly, you want visitors to be able to use an SSL connection whether they visit example.com or www.example.com. To enable this functionality, you can use Apache rewrite rules in a custom .htaccess file.

The following lines demonstrate how to redirect visitors who enter a domain name without the www prefix to a secure connection. With these settings enabled on your web site, visitors who go to example.com or www.example.com (where example.com represents your domain) both obtain an SSL connection:

RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]

Did you find this article helpful? Then you'll love our support. Experience the A2 Hosting difference today and get a pre-secured, pre-optimized website. Check out our web hosting plans today.

We use cookies to personalize the website for you and to analyze the use of our website. You consent to this by clicking on "I consent" or by continuing your use of this website. Further information about cookies can be found in our Privacy Policy.