HSTS Redirects WWW to non-WWW

Colleagues requested to +www.domain.hk rather only domain.hk.

It is because of more friendly sharing posts on Facebook.

At the beginning:
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"

RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://domain.org.hk/$1 [L,R=301]


Not work, however.

Tried different solutions. Both also got the method failed, such as:
Your connection is not private
Attackers might be trying to steal your information from www.domain.hk (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

www.domain.hk normally uses encryption to protect your information. When Google Chrome tried to connect to www.domain.hk this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be www.domain.hk, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit www.domain.hk right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.


Finally, as the service hours, not much time free.

Back to the simple:
certbot --apache -d domain.hk -d www.domain.hk


References


Update