I have enabled SSL for my https://example.com and that works fine, but if somone try's to enter https://www.example.com I get the message: Your connection is not secure.
Is there a way to redirect all WWW to non-http before checking the SSLcertificate? or does this need to be done on the domain dns settings?
You need either a second certificate for the subdomain, or one certificate that is valid for both. There is no way around it. The redirect happens after the SSL connection is established, so you need a working certificate for a working redirect.
With certbot you can create such a certificate by providing the -d parameter multiple times:
certbot-auto -d example.com -d www.example.com
you can make all the WWW requests redirect to https://example.com
so in the virtual host for port 80 you set the serverName with example.com and the serverAlias to www.example.com and then redirect to https://example.com which has the valid certificates
or if you want to run WWW over https you can do as Gerald said and generate certificate for both domain and it's sub domain