SSL – Apache SSL invalid certificate chain with “https://www”


My site has an SSL certificate installed for a virtual host in my Apache setup. It redirects http to https, and https://sitename.com works, but for some reason when the user explicitly types the www, "https://www.sitename.com", I get an invalid certificate error.

http://www.sitename.com works but once you use https, it all breaks.

This is part of my Apache configuration for the virtual host:

<VirtualHost *:80>
    ServerName sitename.com
    RedirectMatch permanent ^/(.*)$ https://sitename.com/$1
</VirtualHost>

<VirtualHost *:80>
    ServerName catch-all.sitename.com
    ServerAlias *.sitename.com
    RedirectMatch permanent ^/(.*)$ https://sitename.com/$1
</VirtualHost>

<VirtualHost *:443>
    ServerName sitename.com
    Header always set Strict-Transport-Security max-age=31536000
    SSLProxyEngine on

Best Answer

httpd doesn't know what the hostname in the host header is until the decryption process takes place, so if the original request doesn't match the hostname in the certificate, you will get an error.

If you want to have both domains work with https, you will need either:

  1. 2 x IP addresses with 2 individual certs, with each one attached to an IP address

  2. A wildcard certificate that works with both domains

A wildcard is the best option, but I'm guessing you didn't buy one of these, and that you have a cert that is specific to "sitename.com".
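
The certificate error in this thread is a name-matching failure, so it helps to check which hostnames a certificate's subjectAltName (SAN) entries actually cover before deploying it. The following is an added example, not part of the original question or answer; the function names and the SAN lists are constructed for illustration, and the matcher follows the usual RFC 6125 rule that a wildcard stands for exactly one left-most label.

```python
# Added example: constructed SAN lists and hypothetical helper names.

def san_matches(pattern: str, hostname: str) -> bool:
    """Match one dNSName SAN entry against a hostname (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # a wildcard never spans zero labels or several labels
    if p_labels[0] == "*":
        # Only a whole left-most label may be a wildcard, and it needs at
        # least two fixed labels to its right ("*.com" is rejected).
        if len(p_labels) < 3 or h_labels[0] == "":
            return False
        return p_labels[1:] == h_labels[1:]
    # Partial wildcards such as "w*.sitename.com" are not accepted here.
    return "*" not in pattern and p_labels == h_labels


def uncovered(sans, hostnames):
    """Return the hostnames that no SAN entry in the certificate covers."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Hostnames the site in the question is reached under.
SITE_HOSTS = ["sitename.com", "www.sitename.com"]

# Constructed SAN lists for three possible certificates.
CERTS = {
    "single-name": ["sitename.com"],
    "wildcard-only": ["*.sitename.com"],
    "wildcard+apex": ["sitename.com", "*.sitename.com"],
}


def report():
    """Map each certificate to the site hostnames it fails to cover."""
    return {name: uncovered(sans, SITE_HOSTS) for name, sans in CERTS.items()}


if __name__ == "__main__":
    for name, missing in report().items():
        status = "covers all hostnames" if not missing else f"missing {missing}"
        print(f"{name:14s} {status}")
```

Note that a SAN entry of `*.sitename.com` on its own does not match the bare `sitename.com`, so the certificate has to list both names to serve both without a browser warning.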