I have an AWS Route 53 domain that’s hosting an S3 bucket for my site. I added a wildcard cert, i.e. *.example.com, to my domain.
However, when I access https://example.com the browser doesn’t pick up the cert. If I go to https://www.example.net the cert works just fine. (In both scenarios the page loads.)
I’m wondering what the best solution would be? I see websites like Facebook will automatically redirect to the ‘www’ subdomain but Stack Overflow doesn’t seem to?
Do I create a new cert?
Do I try to configure Route 53 to automatically redirect? If so, how? I see other people having this issue where they link to an S3 bucket but say it won’t work over https?
SEO also seems to be something I should be considering but I’m not sure what the consequences would be specifically.
Any help would be appreciated.
2 Answers
You need a separate certificate for the root / naked domain.
SSL certs are valid for the given wildcard depth: *, *.*, *.*.* etc.
Based on the cert pattern you can notice it is
In case if it matches to all strings in the prefix without a dot. It will match all of the domains like
as well.
Also your cert works only to one level deep. It will not work for
anything.something.example.com
There is a nice discussion about the second level subdomain ssl certs.
https://serverfault.com/questions/104160/wildcard-ssl-certificate-for-second-level-subdomain
Even in that case, your domain needs to be only in the form of,
something.anything.example.com and it will not work for something.example.com since cert is for
Hope it helps.
I think you don’t need redirection. You can request an ACM certificate with multiple domains (use the “Add more names” button), i.e. you have to request a new certificate for the following domains:
Domain 1: example.com (for the apex domain itself)
Domain 2: *.example.com (for subdomains till one level)
Once it is issued and attached to a supported resource (should be CloudFront in your configuration), the certificate will protect both example.com and http://www.example.com.
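The matching rule both answers rely on, as an added example that is not part of either answer: a minimal hostname check in which a wildcard is accepted only as the whole left-most label and stands for exactly one label. The function names and the sample host list are constructed for illustration.

```python
def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def san_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate name against a hostname.

    A "*" is honoured only as the entire left-most label and replaces
    exactly one label, so it never matches the apex or a deeper subdomain.
    """
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # different depth: apex or second-level subdomain
    if p[0] == "*":
        return h[0] != "" and p[1:] == h[1:]
    return p == h


def cert_covers(sans: list[str], hostname: str) -> bool:
    """True if any name listed on the certificate matches the hostname."""
    return any(san_matches(name, hostname) for name in sans)


def coverage(sans: list[str], hosts: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the certificate names cover it."""
    return {host: cert_covers(sans, host) for host in hosts}


# Constructed sample data: the hostnames discussed in the thread.
HOSTS = ["example.com", "www.example.com", "anything.something.example.com"]
WILDCARD_ONLY = ["*.example.com"]                    # the cert in the question
APEX_AND_WILDCARD = ["example.com", "*.example.com"]  # the two-name request

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("apex + wildcard", APEX_AND_WILDCARD)):
        print(label)
        for host, ok in coverage(sans, HOSTS).items():
            print(f"  {host:32} {'covered' if ok else 'NOT covered'}")
```

Neither name set covers anything.something.example.com; that depth needs its own name on the certificate.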