I have a wordpress multisite install on a dedicated server with WHM/Cpanel.
CentoOS and has Apache with Nginx as revers proxy.
My domain is something like this: waassite.host
My clients will have subdomains as clientsite.waassite.host and with the help of wp ultimo i can give them the possibility to have custom domain by A record or CNAME Record.
clientsite.waassite.host -> clientsite.com
They can all do this, but there is a problem with the fact that when a client buys a domain, it has no SSL Certificate. A solution is to ask them to make a cloudflere account or to use my namservers and then to give me the domain to add it in cpanel, but this is a pain not only for me, but for theme... it takes time to have the domain with ssl in the saas.
I see that there are solutions for SSL on CNAME records. And I have to install a pack for this...
Witch one i shoud install for SaaS SSL on CNAME record for the domains of clients?
From my own understanding, whichever one is fine (although i would suggest to you AutoSSL by cPanel, or FleetSSL cPanel).
Because the primary issue would not only be in your WordPress site, but also in your cPanel/WHM hosting. I took a look at the WordPress plugin you specified and it seems to work with cPanel seamlessly (in adding domain part).
If you have WHM admin access to your server, give AutoSSL or FleetSSL a try.
P.S. If you don't have admin access to the cPanel server... You might be better off ask developers to manually integrate something, like @griffin's cPanel consumer side option...
Hey! I have AutoSSL in Cpanel and i use it with Let's Encript... default was the service from sectigo.
What i am interested is to have SSL for the custom domains with cname record to my waas domain without adding the domains in my server as Shopify dose, but they use cloudflere enterprise plan...
I think in that case, maybe you should ask cPanel support because cPanel definitely relied on their "virtual host" or "add-on/parked domain" to attach certificates to. Unless you want to issue a blanket certificate that include every site you hosted and update the certificate every time a new domain is added, I couldn't think of another way to achieve your goal.
For secured connection on vanity domains, issuing a certificate is probably the easiest part because as they point their domain to your server, you can simply use HTTP-01 authentication to get a certificate. I guess the challenging part is the way you want to bypass cPanel despite you are hosting on cPanel...
If I'm understanding correctly, you're basically offering your clients a subdomain.
My question is though:
Which address will their visitors be using?
In many similar scenarios I've read on this forum, the service provider (you), expects both a.yourdomain.com and theirdomain.com to both be visitable (and thus have functional SSL).
Honestly, the ideal person here to ask about this is @JuergenAuer who I believe offers his own service with a similar structure. Hopefully he will add his thoughts here. Since he's in Berlin, I'm not sure when he will be around, but he's around very often, so hopefully not too long.
Add this code to your wp-config.php and it will automatically add the clientsite.com (custom domain) to your cPanel and activation of Auto SSL will automatically install the SSL on it. The clientsite.com will be live in no time.
/* WP Ultimo: Adding automatically domain syncing to cPanel */define('WU_CPANEL', true); // Tells WP Ultimo we should connect to cPanel define('WU_CPANEL_USERNAME', 'username'); // The username you use to login on your cPanel
define('WU_CPANEL_PASSWORD', 'password'); // The password you use to login on your cPanel
define('WU_CPANEL_HOST', 'mi3-ss19.a2hosting.com'); // The URL of the cPanel hosting, do not include the port or the protocol (http or https)
define('WU_CPANEL_PORT', 2083); // (Optional) Port number, if different than 2083/* end WP Ultimo */
Thank you! I have the settings... but never tried to use them. Aren't them for autocreation of the subdomain? they add the domain mapped? Didn't know that! This sholution than has to work like a charm on let's encrypt.