Newbie question: How to route to subdomain to avoid "invalid certificate"

I’ve succeeded in getting an SSL certificate via Letsencrypt and Duckdns for Nginx, but I would like to know how to deal with the limitation that only certifies subdomains. So if I had a domain, the all the subdomains of fred would be certified, but fred itself gives an “invalid certificate” error.

Is there a way of routing “fred” to “www.fred” so the invalid certificate error does not appear?

I’m sure it’s straightforward, but I am too inexperienced to deal with it!

Thanks in advance for any help you can give!

Yes, you can add a redirect from to

See here for an example: docker-swag/default at 016dc180075f8eb147b77e843e34e4fbb4976a1a · linuxserver/docker-swag · GitHub

Thanks, but I don’t think I made it clear how much of a newbie I am… :blush:

Could you point to the relevant line numbers please?

PS will this definitely prevent the invalid certificate?

It literally highlights the relevant lines

Maybe you need this: nginx redirect non-www to www - Google Zoeken

It looks like I cannot avoid an invalid certificate error if people choose to connect without a subdomain.

The article you referred to confirmed my fears:

First of all your need SSL certificate for both domains and 
Another option is a SAN certificate or wildcard certificate that protect all first-level subdomains on an entire domain such as * including,, and more.

Sadly neither option is available with letsencrypt/duckdns

To redirect to www, the server would need to accept the connection at the domain[] which does not have a certificate thus generating the error. I thought as much. How annoying!

What is misleading is that I see the following after the letsencrypt installation:

duckdns validation is selected
the resulting certificate will only cover the subdomains due to a limitation of duckdns, so it is advised to set the root location to use

This led me to believe that a redirection would work. Oh Well!

Thanks for you help!

Then set the server_name to here: docker-swag/default at 016dc180075f8eb147b77e843e34e4fbb4976a1a · linuxserver/docker-swag · GitHub

Ok, I think I’m going to have to look out some nginx tutorials. Thanks!