Adding additional certificates to WP Multisite

My domain is: daniellewisjj.com

I ran this command: certbot --apache

It produced this output: shows current domains with the wordpress multisite setup but not the new site addition

The operating system my web server runs on is (include version): Debian 10

My hosting provider, if applicable, is: Linode

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): 0.31.0

Short version, hopefully. I set up WordPress for multisite use with the domain dlmdesigns.co.uk; the multisites are daniellewisjj.uk, inmotionbucks.uk and thegrapplingaddict.com. These all worked great and have SSL. They are associated with the dlmdesigns.co.uk website, which their cert is issued to.

However, I transferred in daniellewisjj.com and would like to replace daniellewisjj.uk with the .com version. However, I seemingly cannot add the .com.

When I run certbot --apache I get the other 4 domains listed but not the daniellewisjj.com one. It currently has its own WordPress site with the initial hello world content, so it is active.

Any help on this would be great.

Hi @couzo, and welcome to the LE community forum :slight_smile:

Sounds like a typical Apache/WordPress... confusion.
Start with the output of:
sudo apachectl -t -D DUMP_VHOSTS

Thanks for the welcome @rg305

That outputs

VirtualHost configuration:
*:443 85.159.210.215 (/etc/apache2/sites-enabled/wordpress-le-ssl.conf:2)
*:80 85.159.210.215 (/etc/apache2/sites-enabled/wordpress.conf:6)

We should have a look at those two files.

wordpress.conf

<Directory /var/www/wordpress/>
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
</Directory>
<VirtualHost *:80>
    ServerName 85.159.210.215
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/wordpress/
    ErrorLog /var/log/apache2/wordpress/error.log
    CustomLog /var/log/apache2/wordpress/access.log combined
    <files xmlrpc.php>
    order allow,deny
    deny from all
    </files>
RewriteEngine on
RewriteCond %{SERVER_NAME} =daniellewisjj.uk [OR]
RewriteCond %{SERVER_NAME} =85.159.210.215 [OR]
RewriteCond %{SERVER_NAME} =thegrapplingaddict.com [OR]
RewriteCond %{SERVER_NAME} =dlmdesigns.co.uk [OR]
RewriteCond %{SERVER_NAME} =inmotionbucks.uk
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

wordpress-le-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName 85.159.210.215
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/wordpress/
    ErrorLog /var/log/apache2/wordpress/error.log
    CustomLog /var/log/apache2/wordpress/access.log combined
    <files xmlrpc.php>
    order allow,deny
    deny from all
    </files>

ServerAlias dlmdesigns.co.uk
Include /etc/letsencrypt/options-ssl-apache.conf
ServerAlias inmotionbucks.uk
ServerAlias thegrapplingaddict.com
ServerAlias daniellewisjj.uk
SSLCertificateFile /etc/letsencrypt/live/dlmdesigns.co.uk/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dlmdesigns.co.uk/privkey.pem
</VirtualHost>
</IfModule>

The secured config seems to use four names; but not the one you are looking for:

Please show:
certbot certificates
to better understand where, and how, to place the missing name.

While the HTTP config doesn't use any names at all.

But because it is the only HTTP config, it will be the default used when a name is not exactly matched.

Found the following certs:
Certificate Name: dlmdesigns.co.uk
Domains: dlmdesigns.co.uk daniellewisjj.uk inmotionbucks.uk thegrapplingaddict.com
Expiry Date: 2021-11-13 18:51:07+00:00 (VALID: 88 days)
Certificate Path: /etc/letsencrypt/live/dlmdesigns.co.uk/fullchain.pem
Private Key Path: /etc/letsencrypt/live/dlmdesigns.co.uk/privkey.pem

I set these sites up with the WP multisites process first and want to add the daniellewisjj.com after these, if that helps at all.
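The mismatch diagnosed above can be checked in one pass by comparing the names the vhost declares with the names on the certificate. This is an added example, not code from anyone in the thread; the function names are hypothetical, and the sample input is abbreviated from the vhost file and `certbot certificates` output posted above.

```shell
#!/usr/bin/env bash
# Added example: compare the names Apache serves with the names on the cert.

# Print every ServerName / ServerAlias value in an Apache config, one per line.
vhost_names() {
  awk 'tolower($1) == "servername" || tolower($1) == "serveralias" {
         for (i = 2; i <= NF; i++) print tolower($i)
       }' "$1" | sort -u
}

# Print the Domains of one lineage from saved `certbot certificates` output.
cert_names() {   # $1 = saved output file, $2 = certificate name
  awk -v want="$2" '
    $1 == "Certificate" && $2 == "Name:" { hit = ($3 == want) }
    hit && $1 == "Domains:" { for (i = 2; i <= NF; i++) print tolower($i) }
  ' "$1" | sort -u
}

# Print each name in the space-separated list $1 that is absent from file $2.
missing_from() {
  for n in $1; do
    grep -qxF -- "$n" "$2" || printf '%s\n' "$n"
  done
}

# Sample input, abbreviated from the vhost and certbot output posted above.
tmp=$(mktemp -d)
cat > "$tmp/vhost.conf" <<'EOF'
<VirtualHost *:443>
    ServerName 85.159.210.215
    ServerAlias dlmdesigns.co.uk
    ServerAlias inmotionbucks.uk
    ServerAlias thegrapplingaddict.com
    ServerAlias daniellewisjj.uk
</VirtualHost>
EOF
cat > "$tmp/certs.txt" <<'EOF'
  Certificate Name: dlmdesigns.co.uk
    Domains: dlmdesigns.co.uk daniellewisjj.uk inmotionbucks.uk thegrapplingaddict.com
EOF
wanted="daniellewisjj.com daniellewisjj.uk dlmdesigns.co.uk inmotionbucks.uk thegrapplingaddict.com"
vhost_names "$tmp/vhost.conf" > "$tmp/vhost.txt"
cert_names "$tmp/certs.txt" dlmdesigns.co.uk > "$tmp/cert.txt"
echo "not served by the vhost: $(missing_from "$wanted" "$tmp/vhost.txt")"
echo "not on the certificate:  $(missing_from "$wanted" "$tmp/cert.txt")"
```

On a live server, point the functions at the real vhost file and at the saved output of `certbot certificates` instead of the sample files.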

Step #1: Replace that cert with one that has all the names on it.
This may require:

  • fixing WordPress to serve the missing site (at least via HTTP)
    OR
  • running certbot without --apache and in a way that can get all the names on one cert

I would choose the second option... but I'm not much into pressing words.

I will try the second option. Sorry, could you clarify what you mean by run certbot without --apache?

I am wondering if it would be better to remove the certificates and start again?

I ran certbot and got the same list of names.

OK.
As a test, I would start with something like:

certbot certonly \
--cert-name all-sites \
--webroot -w /var/www/wordpress \
-d "daniellewisjj.com,daniellewisjj.uk,dlmdesigns.co.uk,inmotionbucks.uk,thegrapplingaddict.com" \
--dry-run

[add any domains that I might have missed]

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for daniellewisjj.com
http-01 challenge for daniellewisjj.uk
http-01 challenge for dlmdesigns.co.uk
http-01 challenge for inmotionbucks.uk
http-01 challenge for thegrapplingaddict.com
Using the webroot path /var/www/wordpress for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:

  • The dry run was successful.
  • Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.

You missed the fine print:

BINGO!

Now just remove the --dry-run to get a new cert with all those names on it.
[note: It has a new cert name ("all-sites") and will create a new cert path - which we will have to switch to in the file: /etc/apache2/sites-enabled/wordpress-le-ssl.conf]
Then after we switch to the new cert, we can delete the old cert.

Do you know how to edit a file?

Great, so I need to run

certbot certonly \
--cert-name all-sites \
--webroot -w /var/www/wordpress \
-d "daniellewisjj.com,daniellewisjj.uk,dlmdesigns.co.uk,inmotionbucks.uk,thegrapplingaddict.com" 

Then edit the wordpress-le-ssl.conf

Yes, I kind of go old (simple) school with my editing and do it Notepad style, but I can do it.

remove the --dry-run and the trailing "\" in the line above it.
but yes and yes.

One step at a time.
Get the new cert.
Then show the output of:
certbot certificates

Obtaining a new certificate

IMPORTANT NOTES:

  • Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/all-sites/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/all-sites/privkey.pem
    Your cert will expire on 2021-11-15. To obtain a new or tweaked
    version of this certificate in the future, simply run certbot
    again. To non-interactively renew all of your certificates, run
    "certbot renew"

  • If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let's Encrypt: Donate - Let's Encrypt
    Donating to EFF: Support EFF's Work on Let's Encrypt | Electronic Frontier Foundation

There should be two certs now.