Firefox, IE, Chrome and Common Names
2 points by adontz on Dec 11, 2018 | 3 comments
I have found a really strange thing I have not heard about.

If you visit a TLS-enabled website under the name "www.something.ext", but it provides a certificate for "something.ext" only, I mean the common name is "something.ext" and "www.something.ext" is NOT listed in the alternate names, then Mozilla Firefox will report an invalid certificate. Google Chrome and Internet Explorer show NO warnings. I've noticed this behavior first at https://www.vali.ge (actual content irrelevant), but I'm pretty sure it is not website-specific.

Usually "www.something.ext" is the same site as "something.ext", but it does not have to be. I consider this to be an intentional security vulnerability and am really not happy about this.



Someone correct me if I'm wrong (I'm a bit rusty on A records and CNAMEs), but just because 2 addresses show the same content does not necessarily mean they are the same website. domain.tld is a different address from www.domain.tld and, by all accounts, could point to 2 different contents.

Most will redirect to the other. So if I chose to use www.domain.tld I may redirect domain.tld to www.domain.tld or vice versa.

If you want a certificate that covers both domain.tld and www.domain.tld, those are called wildcard certificates and can cover totallyrandom.domain.tld and superhappyfuntime.domain.tld and anything else you might need (email., webmail., catslol., etc...).

So a non-wildcard certificate placed on both www and non-www is, in fact, not valid, because a regular everyday certificate is only valid for 1 URL.


There are also non-wildcard certificates which are valid for multiple specific names, but that is not the case I am discussing.

https://www.digicert.com/subject-alternative-name.htm


Says it right in the marketing:

"Secure Host Names on Different Base Domains in One SSL Certificate: A Wildcard Certificate can protect all first-level subdomains on an entire domain, such as *.example.com. However, a Wildcard Certificate cannot protect both www.example.com and www.example.net."

That is in fact, a wildcard certificate, just not directly advertised as such.
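The name-matching logic this thread is arguing about, as an added worked example and not code from any poster: it applies the RFC 6125 rules browsers use (SAN dNSName entries take precedence, the CN is at most a legacy fallback, a wildcard matches exactly one leftmost label), so it shows which hostnames each certificate shape discussed above actually covers. The `Cert` class, the `cn_fallback` switch and the sample names are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Cert:
    """Minimal stand-in for the identity fields of an X.509 certificate (constructed)."""
    common_name: str
    san_dns: list = field(default_factory=list)  # dNSName entries from subjectAltName


def _pattern_matches(pattern: str, host: str) -> bool:
    """RFC 6125 style comparison of one certificate name against a hostname."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if pattern == host:
        return True
    # Only a whole leftmost label may be a wildcard, and it matches exactly one label:
    # "*.domain.tld" covers "www.domain.tld" but neither "domain.tld" nor "a.b.domain.tld".
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]            # ".domain.tld"
    if suffix.count(".") < 2:       # refuse "*.tld": too broad to be meaningful
        return False
    if not host.endswith(suffix):
        return False
    leftmost = host[: -len(suffix)]
    return bool(leftmost) and "." not in leftmost


def hostname_matches(cert: Cert, hostname: str, cn_fallback: bool = False) -> bool:
    """True if the certificate is valid for hostname.

    When any SAN dNSName is present the CN is ignored entirely; the CN is consulted
    only when the SAN list is empty and the caller opts into the legacy fallback.
    """
    if cert.san_dns:
        return any(_pattern_matches(p, hostname) for p in cert.san_dns)
    if cn_fallback:
        return _pattern_matches(cert.common_name, hostname)
    return False


if __name__ == "__main__":
    cn_only = Cert("something.ext")                        # the OP's case: CN, no SAN
    wildcard = Cert("*.domain.tld", ["*.domain.tld"])
    for cert, host in [(cn_only, "www.something.ext"), (wildcard, "domain.tld")]:
        print(host, "->", hostname_matches(cert, host, cn_fallback=True))
```

Even with the legacy CN fallback enabled, a CN of "something.ext" does not cover "www.something.ext", and a wildcard "*.domain.tld" does not cover the bare "domain.tld"; the SAN list is what has to carry every name the server answers for.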
