@yellow so, that's a bit of a (not so) fun fact about wildcard certificates, at least the way most ssl libraries handle it, the wildcard only works for one level :neocat_googly_woozy: they'd need *.*.site.tld in the alt-names for the www to be vaild