Windows Server and 'www.'

Windows Server 2016 IIS - and with CtW my domain.org was up and running with https in seconds.

Now preparing to have ‘www.’ requests land without the ‘www.’

If I alter incoming URLs as described, is there any need for me to add the ‘www’ subdomain to the certificate?

I’m guessing no - if I’m suppressing ‘www.’ not sure how the subdomain certificate would be able to http authenticate itself.

Opinions on best practice welcome, seems like a typical setup…

Thanks, I think you should keep the www in the certificate as the actual incoming request might be https://www.domain.org which you then want to redirect to https://domain.org, if www.domain.org doesn’t have a binding then the first request will fail before you can redirect it.