SaaS SSL for a wp multisite with wp ultimo plugin

Hello!
I have a wordpress multisite install on a dedicated server with WHM/Cpanel.
CentoOS and has Apache with Nginx as revers proxy.
My domain is something like this: waassite.host
My clients will have subdomains as clientsite.waassite.host and with the help of wp ultimo i can give them the possibility to have custom domain by A record or CNAME Record.
clientsite.waassite.host -> clientsite.com
They can all do this, but there is a problem with the fact that when a client buys a domain, it has no SSL Certificate. A solution is to ask them to make a cloudflere account or to use my namservers and then to give me the domain to add it in cpanel, but this is a pain not only for me, but for theme... it takes time to have the domain with ssl in the saas.

I see that there are solutions for SSL on CNAME records. And I have to install a pack for this...

Witch one i shoud install for SaaS SSL on CNAME record for the domains of clients?
Thank you!

1 Like

Hi,

From my own understanding, whichever one is fine (although i would suggest to you AutoSSL by cPanel, or FleetSSL cPanel).
Because the primary issue would not only be in your WordPress site, but also in your cPanel/WHM hosting. I took a look at the WordPress plugin you specified and it seems to work with cPanel seamlessly (in adding domain part).
If you have WHM admin access to your server, give AutoSSL or FleetSSL a try.

P.S. If you don't have admin access to the cPanel server... You might be better off ask developers to manually integrate something, like @griffin's cPanel consumer side option...

1 Like

Hey! I have AutoSSL in Cpanel and i use it with Let's Encript... default was the service from sectigo.
What i am interested is to have SSL for the custom domains with cname record to my waas domain without adding the domains in my server as Shopify dose, but they use cloudflere enterprise plan...

1 Like

I don't think it's possible. cPanel does not allow you to point domain to cPanel's IP without adding it on the server, and expect it to work.

1 Like

The A record on IP and CNAME record on domain work without o problem!
All i need is to have SSL Certificates for those who map domains to my waas with cname record. I see that this is posible!

1 Like

I think in that case, maybe you should ask cPanel support because cPanel definitely relied on their "virtual host" or "add-on/parked domain" to attach certificates to. Unless you want to issue a blanket certificate that include every site you hosted and update the certificate every time a new domain is added, I couldn't think of another way to achieve your goal.
For secured connection on vanity domains, issuing a certificate is probably the easiest part because as they point their domain to your server, you can simply use HTTP-01 authentication to get a certificate. I guess the challenging part is the way you want to bypass cPanel despite you are hosting on cPanel...

1 Like

Whell, from what i saw even on this support forum, there are some people that tried http-01, but never said what they had used from that list!

1 Like

Welcome to the Let's Encrypt Community :slightly_smiling_face:

I've been following this thread for the past few minutes per @stevenzhu's tagging of me. I'm trying to make sure that I clearly understand what you're trying to do.

1 Like

Greenlock - some people said that they use this

1 Like

Hello, griffin! Thank you!

2 Likes

If I'm understanding correctly, you're basically offering your clients a subdomain.

My question is though:

Which address will their visitors be using?

In many similar scenarios I've read on this forum, the service provider (you), expects both a.yourdomain.com and theirdomain.com to both be visitable (and thus have functional SSL).

Honestly, the ideal person here to ask about this is @JuergenAuer who I believe offers his own service with a similar structure. Hopefully he will add his thoughts here. Since he's in Berlin, I'm not sure when he will be around, but he's around very often, so hopefully not too long.

1 Like

Yes! This is is exactly how it has to work! Thank you!
There is allmost no documentation on this! Only paid services for something that is allready free!

1 Like

Any updates on this?

@JuergenAuer , can you help me with this topic please?

Hi @AlphaPrime

I don't understand your question. I read every topic, if I don't have an answer, I don't write. You see - no answer.

I don't use cPanel and WordPress, I have no idea how the combination of cPanel and WordPress works.

I have my own (Windows-based) .NET-application with an own ACME-client (not published). So it's a completely different setup.

1 Like

Add this code to your wp-config.php and it will automatically add the clientsite.com (custom domain) to your cPanel and activation of Auto SSL will automatically install the SSL on it. The clientsite.com will be live in no time.

/* WP Ultimo: Adding automatically domain syncing to cPanel */define('WU_CPANEL', true);                          // Tells WP Ultimo we should connect to cPanel            define('WU_CPANEL_USERNAME', 'username');           // The username you use to login on your cPanel
define('WU_CPANEL_PASSWORD', 'password');           // The password you use to login on your cPanel
define('WU_CPANEL_HOST', 'mi3-ss19.a2hosting.com'); // The URL of the cPanel hosting, do not include the port or the protocol (http or https)
define('WU_CPANEL_PORT', 2083);                     // (Optional) Port number, if different than 2083/* end WP Ultimo */

Good Luck

Thank you! I have the settings... but never tried to use them. Aren't them for autocreation of the subdomain? they add the domain mapped? Didn't know that! This sholution than has to work like a charm on let's encrypt.
Thank you!