Due to changes in the CA/Browser Forum guidelines, the following changes to Wildcard and Multi-Domain certificates (including free "www" and base domain certificates) are in effect starting from the 19th of November 2021:
- Wildcard certificates can't use HTTP/HTTPS file based validation anymore
- HTTP/HTTPs file based validation for multi-domain certificates changed the behaviour slightly in that all domains included in the certificate need to be validated independently. Previously validating the base-domain was sufficient for issuing certificates for sub-domains.
This also applies to certificates were we automatically add the free "www" sub-domain.
For certificates where we automatically add the free "www" sub-domain as well as all other multi-domain certificates with HTTP/HTTPS file based validation you need to make sure that your web server serves the validation file from both/all domains included in the certificate. However, HTTP redirects (301, 302 status codes) are allowed if the redirect points directly to the validation file.