Domain + subdomains for same site + https


i am trying to configure www.MYWEBSITE.ORG and MYWEBSITE.ORG for the same Wordpress/Yunohost install.
what i want
a) www.MYWEBSITE.ORG shall be main domain
b) MYWEBSITE.ORG shall redirect to it

  1. what is the way to do ?
    what shall i configure in YUNOHOST
    and what shall i configure in NGINX
    and what shall i configure in my DNS

i would like to have LET"S ENCRYPT certificate for both domains or just for the main one.

what i setted up so far:




i added domain www.MYWEBSITE.ORG to YUNOHOST
installed my WP to www.MYWEBSITE.ORG
installed certificate

my issues :
MYWEBSITE.ORG can’t be opened , error below.

Your connection is not private
Attackers might be trying to steal your information from MYWEBSITE.ORG (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

what shall i do ?
i suppose the best way is to redirect user from MYWEBSITE.ORG to www.MYWEBSITE.ORG
but how shall i do it better ?
is there other options ?

Hi there,

I don’t know about the CNAME you seem to have put in your DNS, it might work

The message you are seeing :

Your connection is not private
Attackers might be trying to steal your information from MYWEBSITE.ORG (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

Is because you probably still have a self-signed certificate. You should request a Let’s Encrypt certificate in the admin interface (Domains > your domain > SSL Certificate > Install a Lets Encrypt certificate). You can also do this from the command line. More info here

1 Like

issues is different:

www.MYWEBSITE.ORG is defined as my domain, and i have certificate.

MYWEBSITE.ORG is not defined as domain, so i can’t install certificate for it.

Create a file /etc/nginx/conf.d/

Edit and put these lines

server {

    #implemented by default, change if you need different ip or port

    #listen *:80 | *:8000;


    return 301 $scheme://$request_uri;


Restart nginx:
service nginx restart


  1. Replace with your domain name.
  2. should not be default domain for the yunohost.(issue )
  3. This steps are for when is installed domain and is not an installed domain.

thank you !

i tried exactly what you propose and it looks like it works for

but not for shows

Unable to communicate securely with peer: requested domain name does not match the server’s certificate. HTTP Strict Transport Security: false HTTP Public Key Pinning: false

(as i see in your conf the port number 80 is commented, so as i understand that shall work in all cases, but it doesn’t for me)

any idea ?

For that, I think you will need to delete the and install the from yunohost domian( with letsencrypt install on it too) like you did for www, Then in the /etc/nginx/conf.d/ you need to add return 301 $scheme://$request_uri; in the server blocks for port 80 and port 443.

It would look something like this :

    server {
        listen 80;
        listen [::]:80;
        return 301 $scheme://$request_uri;

server {
    listen 443 ssl;
    listen [::]:443 ssl;
           return 301 $scheme://$request_uri;

Restart nginx :
service nginx restart

1 Like

thank you will do this very soon,

first i had to fix my DNS. is it OK to have two domains to same IP with IN A ?
or one of them shall be CNAME ? 0 A xx.xx.xx.xx 0 A xx.xx.xx.xx

this one was not possible: =>


(error:Error when adding the entry to the DNS zone. (A CNAME RR for a root record is not allowed))

www should be a CNAME as it is a subdomian, if I am not wrong.

I had a similar issue as the thread-starter and I also did create a subdomain in Yunohost with Adding the www entry to the DNS settings in the hosting provider. . However, I’ve got the certificate issue when trying to access worked fine.
I’ve tried all sorts of things, like removing and re-adding the domain.
Problem was that I could not generate a certificate for . The green button was inactive.
At the end I did run Yunohost diagnostics and after that it was possible to generate the let’s encrypt certificate. The green button became active. After generating the certificate, I could access the without getting a certificate error.

I’m wondering why this procedure is not mentioned in the Yunohost DNS documentation? Or did I just didn’t find it? Is it not common to configure a www subdomain in Yunohost?
In my opinion it should be in the YH doc’s.

That’s a common misconception about subdomains, unfortunately. www has nothing special about it, it is a subdomain like another. As far as I know, the DNS documentation lets you set up the main domain and any subdomains to point to your server.

So domain.tld, www.domain.tld, and whatever.domain.tld can either be point to their own app each, or point to the same site by installing one site app and 2 redirect apps.

Since it’s a common misconception, wouldn’t it be good to briefly mention it on the DNS page in order to help out people like me?

Definitely! You can suggest an improvement of said page with the Escape key.

However, now that I read the page, I do not know why you had to specify both domain.tld and www.domain.tld. The @ DNS entry covers domain.tld and * covers all subdomains, including www.

I did try it without the subdomain, but I’ve got a certificate error (“bad certificate” or alike).
Also some YH experienced friends told me that a subdomain is required for www
I have a second YH server installation which I can try again without subdomain later.