WordPress Multisite SSL Issues

Hello All, I need some assistance with installing SSL on WordPress Multisite. I have AWS Lightsail WPMultisite installed, and used certbot to install SSL on the main site. For the main site, I have a wildcard SSL, so that any subdomain is covered.

The issue is that one of the sites is using a separate domain, networkcrypt.com.

I know that I can add multiple domains to one SSL, and that would probably be easiest, but I would like some help setting up virtualhost so that I can use different certificates for each site.

Would someone be so kind as to walk me through?

I think you should be able to get good instructions from the provider of that WP Multisite package you are using. They know best how to set it up and manage multiple sites.

I am wondering though why you chose Certbot to get certs. Usually the bncert tool included with bitnami is used unless a wildcard cert is required (it often is not).

Have you seen these Lightsail docs?

4 Likes

Hi, yes, I am familiar with them both. The general consensus is that you can do one of two things.

  1. Create an SSL with multiple domains.
  2. Use Virtualhosts to manage individual SSL for each domain.

I am interested in walking through #2.

This is a question for WordPress.
Once the sites are running [separately], they should be able to request their individual certs.

3 Likes

See, they don’t run separately in Multisite. This is a VirtualHost question.

A valid approach is to install SSL on the main site, generate separate SSL for other domains and use SNI. I don’t know how to define the SNI for the second domain.

Server Name Indication (SNI) is an extension of the TLS protocol that allows a server to host multiple SSL certificates for different domains on a single IP address. This allows multiple secure (HTTPS) websites to be served from the same IP address without requiring all the sites to use the same certificate.

Thank you. Any help is greatly appreciated. :sunglasses:

more than an LE community question.

3 Likes

It’s somewhere in this vicinity.

We are all very familiar with SNI. But, we are not a general-purpose site for helping with server config and admin. How your WP package sets up multiple VirtualHosts is under their control. You should ask them.

If you have a specific question related to Let's Encrypt certs let us know.

4 Likes

Hi. I am having trouble installing a LetsEncrypt certificate using SNI, specifically the definition of VirtualHost.

Since you are using Apache

```
$ curl -Ii http://networkcrypt.com
HTTP/1.1 200 OK
Date: Thu, 01 Aug 2024 21:23:33 GMT
Server: Apache
Link: <http://networkcrypt.com/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8
$ curl -k -Ii https://networkcrypt.com
HTTP/1.1 200 OK
Date: Thu, 01 Aug 2024 21:23:41 GMT
Server: Apache
Link: <https://networkcrypt.com/wp-json/>; rel="https://api.w.org/"
Content-Type: text/html; charset=UTF-8
```

Here details on Apache can be found in documentation and forums:

4 Likes

Can you be more specific? Because SNI does not have much to do with getting a cert. It is a method by which your Apache webserver chooses the VirtualHost to use.

I like having one cert for each VirtualHost handling HTTPS. If it has multiple names in the ServerName and ServerAlias it would have each of those names.

Some people prefer having one cert with all the names in all their VirtualHosts.

Can you show the Certbot command you tried and the error message?

5 Likes
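
Added example, not from any poster in this thread: a minimal Apache layout for the "one cert per VirtualHost" approach discussed above, where SNI selects the VirtualHost and each VirtualHost names its own certificate. `example.com` stands in for the main site's domain (not given in the thread), the `DocumentRoot` is a placeholder path, and the certificate paths assume Certbot's default `/etc/letsencrypt/live/<name>/` layout.

```apache
# Main network site and its subdomains, served with the wildcard certificate.
# As the first vhost on *:443 it is also the default for requests whose
# SNI name matches no ServerName/ServerAlias.
# example.com is a placeholder for the main domain (assumption).
<VirtualHost *:443>
    ServerName example.com
    ServerAlias *.example.com
    # Placeholder path: use the WordPress directory of your install.
    DocumentRoot "/path/to/wordpress"

    SSLEngine on
    SSLCertificateFile    "/etc/letsencrypt/live/example.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
</VirtualHost>

# Mapped domain of one Multisite site, served with its own certificate.
# Multisite is a single WordPress install, so the DocumentRoot is the same;
# WordPress itself routes the request by Host header.
<VirtualHost *:443>
    ServerName networkcrypt.com
    # Add ServerAlias entries only for names that are also on this certificate.
    DocumentRoot "/path/to/wordpress"

    SSLEngine on
    SSLCertificateFile    "/etc/letsencrypt/live/networkcrypt.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/networkcrypt.com/privkey.pem"
</VirtualHost>
```

`apachectl -S` lists which VirtualHost answers for each name after a reload, and `openssl s_client -connect networkcrypt.com:443 -servername networkcrypt.com` shows which certificate is actually presented for that SNI name.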

You would have the same exact problem using every other CA.
Thus, this is NOT a CA specific problem.
Nor a problem with the ACME client.
It is primarily a problem within the web service.
You need to get that fixed first before proceeding.

4 Likes

No it’s not a CA problem at all. The certificate is fine. I just have to do some digging on my end. I like EJBCA. :sunglasses:

https://httpd.apache.org/docs/current/en/vhosts/

1 Like

Hey thanks guys. I’m out delivering pizzas. Will check when my shift is done. Really appreciate it. It’s been years since I’ve done any of this stuff.

3 Likes
