diff --git a/lib/load-certs.js b/lib/load-certs.js
index 5731340..c35ffe2 100644
--- a/lib/load-certs.js
+++ b/lib/load-certs.js
@@ -36,7 +36,7 @@ function loadCerts(secureContexts, certPaths, domainname, prevdomainname) {
     // guard against race condition on Promise.some
     if (prevdomainname && !secureContexts[prevdomainname]) {
       // TODO XXX make sure that letsencrypt www. domains handle the bare domains also (and vice versa)
-      secureContexts[prevdomainname] = secureContexts[domainname]; 
+      secureContexts[prevdomainname] = secureContexts[domainname];
     }
 
     return secureContexts[domainname];
diff --git a/lib/sni-server.js b/lib/sni-server.js
index 7a7d692..8e30e5e 100644
--- a/lib/sni-server.js
+++ b/lib/sni-server.js
@@ -25,6 +25,9 @@ module.exports.create = function (certPaths, serverCallback) {
     , honorCipherOrder: true
     };
 
+    secureContexts['www.example.com'] = require('tls').createSecureContext(secureOpts);
+    secureContexts['example.com'] = secureContexts['www.example.com'];
+
     //SNICallback is passed the domain name, see NodeJS docs on TLS
     secureOpts.SNICallback = function (domainname, cb) {
       // NOTE: '*.proxyable.*' domains will be truncated