SSL Let's Encrypt Certificate on CW

Hi,

Regarding SSL Let’s Encrypt certificates on CW.

Do I add the
www.domain.com
to the first field, and that covers the root domain as well, job done? OR, do I need to click on ADD DOMAIN and list the root domain as well?:
domain…com

Thanks
Steve

When I add Let’s Encrypt certificates I use the domain (without the www) as the canonical name and choose the wildcard option. You are then prompted to add a CNAME record to your DNS then verify it once you’ve done so. Sometimes it takes a few minutes, sometimes it fails and I have to try again, but it has always worked. The wildcard option will cover you for both the www and non-www versions of your site.

I prefer to use the non-www version and I do so consistently wherever my domain name is being used (e.g. Google analytics, social media sharing, etc), but that’s just me. If you have been using www in your domain name elsewhere, then it’s best to be consistent, but the sky won’t fall in if you aren’t.

Hi mail5,

CW support recommended I add both and NOT use a wildcard.

www.domain.com to the first field, and then click on ADD DOMAIN and list the root domain.

I would have thought adding www. or root/blank would be suffient, but I guess that depends on the cert authority?

All certificates I’ve ever used require the inclusion of both versions of the domain. Pretty sure it’s part of the standard.

And definitely agree with CW support’s recommendation to do it this way instead of adding a wildcard cert.

Erp… Looks like I’m wrong. According to the CW docs

On the sole discretion of the certificate authority, if you purchase a single-name certificate for the www hostname (www.mydomain.com), the certificate may also include the root domain (mydomain.com).
https://support.cloudways.com/difference-between-single-multiple-wildcard-ssl/

So yea, you’re right - depends on the cert authority’s policy.

But since CW’s Let’s Encrypt specifically allows the addition of both versions, that’s still the best way.

Hi Paul,

Yes, I read that too. I was just wondering if I could miss a step but it looks like both domains need to be added. Thanks for your input.