> https://domain.com/ doesn't match *.domain.com -- note the . That's just how the issuer does them. I've checked other sites. I don't think it's that obvious. The vendor claims we'll need another cert for the non-www. J