Websites often receive traffic on both the www and non-www versions of a domain. When SSL is enabled for only one of these, visitors may encounter browser security warnings. This guide explains how to configure your site so HTTPS works consistently regardless of whether visitors include the www prefix.
Prerequisites
Before proceeding, ensure the following:
- A valid and working SSL certificate is already installed
- The web server is running Apache or an Apache-compatible server
- You have access to edit .htaccess files
[Screenshot placeholder: browser showing valid HTTPS connection on one domain variant]
Why www and non-www Matter for SSL
Many SSL certificates are issued for a single fully qualified domain name, such as www.example.com. If a visitor accesses example.com without the www prefix, the certificate may not match the requested hostname.
This mismatch causes browsers to display security warnings, even though the site itself is legitimate.
To avoid this, traffic should be redirected so that all visitors are sent to the SSL-enabled version of the domain.
Choosing a Canonical Domain
Before configuring redirects, decide which version of the domain will be used as the primary address:
- www.example.com
- example.com
Only one version should be exposed publicly. The other should permanently redirect to it.
This approach is commonly used on sites hosted in cPanel-based hosting environments and custom deployments on dedicated server platforms.
Configuring Redirects with Apache
Apache rewrite rules can be used to force visitors onto the secure www version of the domain.
Editing the .htaccess File
Locate the .htaccess file in the document root of your website. This is typically the directory where WordPress or your main site files are installed.
[Screenshot placeholder: file manager showing .htaccess in document root]
If the file does not exist, create it.
Redirect non-www to www over HTTPS
Add the following rules to the .htaccess file:
RewriteEngine on
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ https://www.%{HTTP_HOST}/$1 [R=301,L]
These rules enforce the following behavior:
- Check that the connection is already using HTTPS
- Check whether the requested hostname does not start with www
- Redirect the request to the HTTPS www version using a permanent redirect
[Screenshot placeholder: .htaccess file with rewrite rules added]
Saving and Testing
After saving the file, test both versions of the domain:
- www.example.com
- example.com
Both should result in a secure connection using the same certificate, without browser warnings.
[Screenshot placeholder: browser redirecting from non-www to www over HTTPS]
Control Panel Environments
On control-panel platforms such as Plesk-based hosting, similar behavior can often be achieved using built-in redirect or domain alias features. These tools generate equivalent rules automatically and reduce the risk of configuration errors.
Always test redirects after making changes to confirm that:
- HTTPS is enforced
- Redirect loops do not occur
- Search engines see only the canonical domain
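The checks listed above can be scripted. The following is an added example, not part of the original guide: it follows a redirect chain one hop at a time and reports loops, temporary redirects, a final URL that is not HTTPS, a non-canonical final host, or a certificate that does not cover the requested hostname (a failure that happens before any redirect can be served). The names `CANONICAL_HOST`, `fetch_once`, `check_chain` and `SAMPLE` are assumptions made for this example, and the sample responses are constructed to model only the rewrite rules shown in this guide.

```python
import http.client
import ssl
from urllib.parse import urljoin, urlsplit

CANONICAL_HOST = "www.example.com"  # assumption: the www variant is canonical

def fetch_once(url):
    """One HEAD request, redirects not followed; TLS is verified by default."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=10)
    try:
        conn.request("HEAD", u.path or "/")
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    except ssl.SSLCertVerificationError:
        return 0, None  # certificate does not cover this hostname
    finally:
        conn.close()

def check_chain(start, fetch=fetch_once, max_hops=5):
    """Follow the redirect chain from start; return (ok, reason, visited)."""
    url, visited = start, []
    while True:
        if url in visited:
            return False, "redirect loop", visited
        if len(visited) >= max_hops:
            return False, "too many redirects", visited
        visited.append(url)
        status, location = fetch(url)
        if status == 0:
            return False, "certificate mismatch", visited
        if status in (302, 303, 307) and location:
            return False, "temporary redirect", visited
        if status not in (301, 308) or not location:
            break
        url = urljoin(url, location)
    final = urlsplit(url)
    if final.scheme != "https":
        return False, "HTTPS not enforced", visited
    if final.hostname != CANONICAL_HOST:
        return False, "non-canonical host", visited
    return True, "ok", visited

# Constructed responses modelling only the rules shown in this guide:
# HTTPS non-www is redirected, plain HTTP is left alone (RewriteCond %{HTTPS} on).
SAMPLE = {"https://example.com/": (301, "https://www.example.com/"),
          "https://www.example.com/": (200, None),
          "http://example.com/": (200, None)}
```

Calling `check_chain("http://example.com/", fetch=SAMPLE.get)` returns "HTTPS not enforced", because the rules in this guide match only requests that already arrived over HTTPS. Against a live site, call `check_chain` with the default `fetch_once` for each of the four scheme and host combinations.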