diff --git a/plogical/sslUtilities.py b/plogical/sslUtilities.py
index eea0b5cf0..2eb185f5e 100644
--- a/plogical/sslUtilities.py
+++ b/plogical/sslUtilities.py
@@ -579,7 +579,7 @@ context /.well-known/acme-challenge {
 return 1
 @staticmethod
- def obtainSSLForADomain(virtualHostName, adminEmail, sslpath, aliasDomain=None):
+ def obtainSSLForADomain(virtualHostName, adminEmail, sslpath, aliasDomain=None, isHostname=False):
 from plogical.acl import ACLManager
 from plogical.sslv2 import sslUtilities as sslv2
 from plogical.customACME import CustomACME
@@ -609,11 +609,11 @@ context /.well-known/acme-challenge {
 # Start with just the main domain
 domains = [virtualHostName]
- # Check if www subdomain has DNS records before adding it
- if sslUtilities.checkDNSRecords(f'www.{virtualHostName}'):
+ # Check if www subdomain has DNS records before adding it (skip for hostnames)
+ if not isHostname and sslUtilities.checkDNSRecords(f'www.{virtualHostName}'):
 domains.append(f'www.{virtualHostName}')
 logging.CyberCPLogFileWriter.writeToFile(f"www.{virtualHostName} has DNS records, including in SSL request")
- else:
+ elif not isHostname:
 logging.CyberCPLogFileWriter.writeToFile(f"www.{virtualHostName} has no DNS records, excluding from SSL request")
 if aliasDomain:
@@ -648,11 +648,11 @@ context /.well-known/acme-challenge {
 # Start with just the main domain
 domains = [virtualHostName]
- # Check if www subdomain has DNS records before adding it
- if sslUtilities.checkDNSRecords(f'www.{virtualHostName}'):
+ # Check if www subdomain has DNS records before adding it (skip for hostnames)
+ if not isHostname and sslUtilities.checkDNSRecords(f'www.{virtualHostName}'):
 domains.append(f'www.{virtualHostName}')
 logging.CyberCPLogFileWriter.writeToFile(f"www.{virtualHostName} has DNS records, including in SSL request")
- else:
+ elif not isHostname:
 logging.CyberCPLogFileWriter.writeToFile(f"www.{virtualHostName} has no DNS records, excluding from SSL request")
 if aliasDomain:
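Review bot: The new `isHostname` parameter on obtainSSLForADomain is not documented, and the same gap applies to issueSSLForDomain in the @@ -765 hunk; the name alone does not say what changes when it is True. Add a short comment under each signature, e.g. `# isHostname: True when virtualHostName is the panel's own hostname; the www.<name> DNS probe is then skipped and www is never added to the certificate request.` obtainSSLForADomain's body continues outside the hunk.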
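Review bot: When `isHostname` is True the new `elif not isHostname:` branch leaves no log line at all, so an operator reading the SSL log cannot tell "www was deliberately skipped for the hostname" from "the DNS check never ran"; the same applies in the @@ -648 hunk and the acme.sh path in the @@ -692 hunk. Make the skip explicit and drop the repeated guard: `if isHostname:` / `logging.CyberCPLogFileWriter.writeToFile(f"{virtualHostName} is the server hostname, not requesting www.{virtualHostName}")` / `elif sslUtilities.checkDNSRecords(f'www.{virtualHostName}'):`, with the existing else branch unchanged. The three copies of this block are near-identical apart from list-versus-string building and the log text; a small helper that returns the extra names to request would keep them from drifting again. The enclosing function continues beyond the hunk on both sides.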
@@ -692,11 +692,11 @@ context /.well-known/acme-challenge {
 # Build domain list for acme.sh
 domain_list = " -d " + virtualHostName
- # Check if www subdomain has DNS records
- if sslUtilities.checkDNSRecords(f'www.{virtualHostName}'):
+ # Check if www subdomain has DNS records (skip for hostnames)
+ if not isHostname and sslUtilities.checkDNSRecords(f'www.{virtualHostName}'):
 domain_list += " -d www." + virtualHostName
 logging.CyberCPLogFileWriter.writeToFile(f"www.{virtualHostName} has DNS records, including in acme.sh SSL request")
- else:
+ elif not isHostname:
 logging.CyberCPLogFileWriter.writeToFile(f"www.{virtualHostName} has no DNS records, excluding from acme.sh SSL request")
 command = acmePath + " --issue" + domain_list \
@@ -765,7 +765,7 @@ context /.well-known/acme-challenge {
 return 0
-def issueSSLForDomain(domain, adminEmail, sslpath, aliasDomain=None):
+def issueSSLForDomain(domain, adminEmail, sslpath, aliasDomain=None, isHostname=False):
 try:
 # Check if certificate already exists and try to renew it first
 existingCertPath = '/etc/letsencrypt/live/' + domain + '/fullchain.pem'
@@ -781,7 +781,7 @@ def issueSSLForDomain(domain, adminEmail, sslpath, aliasDomain=None):
 # Build domain list for renewal
 renewal_domains = f'-d {domain}'
- if sslUtilities.checkDNSRecords(f'www.{domain}'):
+ if not isHostname and sslUtilities.checkDNSRecords(f'www.{domain}'):
 renewal_domains += f' -d www.{domain}'
 # Try to renew with explicit webroot
@@ -795,7 +795,7 @@ def issueSSLForDomain(domain, adminEmail, sslpath, aliasDomain=None):
 else:
 logging.CyberCPLogFileWriter.writeToFile(f"Renewal failed for {domain}, falling back to new issuance")
- if sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath, aliasDomain) == 1:
+ if sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath, aliasDomain, isHostname) == 1:
 if sslUtilities.installSSLForDomain(domain, adminEmail) == 1:
 return [1, "None"]
 else:
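Review bot: `isHostname` is passed positionally in the new obtainSSLForADomain call in the @@ -795 hunk, while the callers added in virtualHostUtilities.py pass it as a keyword; with two trailing optional parameters a positional flag is easy to misplace the next time the signature grows. Prefer `if sslUtilities.obtainSSLForADomain(domain, adminEmail, sslpath, aliasDomain, isHostname=isHostname) == 1:` so the call reads the same way everywhere. issueSSLForDomain continues outside the hunk.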
diff --git a/plogical/virtualHostUtilities.py b/plogical/virtualHostUtilities.py
index e50d42ed3..c0096bd75 100644
--- a/plogical/virtualHostUtilities.py
+++ b/plogical/virtualHostUtilities.py
@@ -966,7 +966,7 @@ local_name %s {
 adminEmail = "email@" + virtualHost
- retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path)
+ retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path, None, isHostname=True)
 if retValues[0] == 0:
 print("0," + str(retValues[1]))
@@ -1042,7 +1042,7 @@ local_name %s {
 srcPrivKey = '/etc/letsencrypt/live/' + virtualHost + '/privkey.pem'
 adminEmail = "email@" + virtualHost
- retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path)
+ retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path, None, isHostname=True)
 if retValues[0] == 0:
 print("0," + str(retValues[1]))
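Review bot: Both new calls (this hunk and @@ -1042) pass a bare positional `None` to fill the aliasDomain slot before `isHostname=True`; that ties the call to the parameter order of issueSSLForDomain and reads as if an alias were being deliberately cleared. Since aliasDomain already defaults to None, `retValues = sslUtilities.issueSSLForDomain(virtualHost, adminEmail, path, isHostname=True)` is equivalent and clearer. The enclosing functions start outside the hunks.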