I need to rewrite https://domain.com => https://www.domain.com because of wildcard SSL

Solution 1:

Unfortunately, the name that the client is talking to is checked against the certificate by the client, not the server. As far as the client is concerned, it is talking to domain.com, not <something>.domain.com - it will be unaware of any URL rewriting that is being done at the server end.

So you will need an extra certificate for the other name to avoid certificate errors.
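
The client-side check described in the answer, as an added example that is not part of the original post: a simplified version of the hostname matching a TLS client performs, showing that a `*.domain.com` entry never covers the bare `domain.com`, so the handshake fails before any redirect can be sent. The function names and the name lists are assumptions constructed for illustration.

```python
# Added example: simplified hostname-vs-certificate matching, as done by the TLS client.
# All names and SAN lists here are constructed sample data, not from a real certificate.

def san_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate dNSName entry covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so the label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Only a complete left-most label is treated as a wildcard here,
        # and it must match a non-empty label.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    # No wildcard: every label must match exactly (case-insensitive).
    return p_labels == h_labels


def uncovered_names(san_list, hostnames):
    """Hostnames a client would reject for a certificate with these SAN entries."""
    return [h for h in hostnames if not any(san_matches(p, h) for p in san_list)]


# Names clients may connect to, including the redirect source (constructed).
SITE_NAMES = ["domain.com", "www.domain.com", "shop.domain.com", "a.b.domain.com"]

# Constructed SAN lists: the wildcard alone, and the wildcard plus the bare name.
WILDCARD_ONLY = ["*.domain.com"]
WILDCARD_PLUS_APEX = ["*.domain.com", "domain.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + bare name", WILDCARD_PLUS_APEX)):
        print(f"{label}: rejected by client -> {uncovered_names(sans, SITE_NAMES)}")
```

Running the same check against the names actually served, before configuring the redirect, shows which ones still need certificate coverage.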