Optimizely can now generate certificates for root domains in DXP

Error message when missing certificate: Your connection is not private

In Optimizely's cloud hosting service DXP, Optimizely has for a long time offered to generate certificates for the sites it hosts, giving us the secure https URLs with a reassuring padlock next to it.


Until today that service has come with the limitation that they could not generate certificates for root domains, like novacare.no, only subdomains, like www.novacare.no. If we were going to use a root domain, we would need to buy the certificate somewhere else and send it to Optimizely.

Today I received the good news from Optimizely support that they are now able to generate root domain certificates for us.

We were just about to set up over 40 root domains for a customer, so this saves us a lot of work 🥳🥳🥳

In addition to saving us a lot of work today, it also means that we don't need to keep the certificates updated by sending new ones to Optimizely once a year, which is both a hassle and too easy to forget 😬

This feature was originally requested by my colleague Sigve Fast a year ago through Optimizely's feedback forum:


A little background on root domains

Most websites are configured to use the root domain and the www subdomain interchangeably, for example google.com and www.google.com.

We recommend that one of them is defined as the main, canonical, URL and then the other is set up to redirect all traffic to the canonical URL.

For example, Google uses the www subdomain as the canonical URL. If you enter the root domain google.com in the browser's address bar, you are immediately redirected to https://www.google.com.

For this redirect to work, we need to have a valid certificate for google.com, otherwise the end users will get this scary warning instead of getting redirected:

Error message when missing certificate: Your connection is not private

Categories: Optimizely Optimizely DXP