Open trialotto opened 7 years ago
Just stumbled over this issue too. IMO it makes sense to create the certificate also with the "www" variant (Option "Include www.example.com as an alternative domain name." activated).
Nuance here in the fact that Security Advisor - is a mass management and if domain do not respond on www prefix, the certificate will not be issued, and there will be a lot of falls. Perhaps after some kind of research it is possible to release a certain setting to try www sign additionally.
In version 1.1 of the Security Advisor, the "Secure with Let´s Encrypt" action does not set alternative names of the form www.domain.tld (or any other sub.domain.tld), nor does it allow to set these names.
It is rather important that these alternative names of the form www.domain.tld are set automatically.
Any absence of the www.domain.tld alternative names will not lead to the green lock in the browser, if a www.domain.tld is hardcoded somewhere in the application on the specific site.
Furthermore, the before mentioned "absence" entails some considerable security risks, in general and also especially for some specific common applications (such as WordPress).
Regards....