Wordpress Multisite - Possible to configure letsencrypt without separate apache files?

blue928 · February 1, 2018, 1:40pm

I couldn’t decide on what would be the best title for this thread, so here are both, which sum up what I’m trying to achieve.

“How can I setup wordpress multisite with letsencrypt”

or

“Can letsencrypt be used with multiple domain names without having to have a separate .conf configuration file for each virtual host?”

When setting up wordpress multisite, sites in the network initially get a sub domain from which the user can work (clientsite.mynetwork.com).

I’m very excited to see wildcard support coming on Feb 27! This is really going to help our workflow when this is ready.

When a client is ready, they go into their DNS, switch the A record to our IP, and, inside their wordpress site, map their domain to their subdomain (myclientcompany.com -> clientsite.mynetwork.com. https://codex.wordpress.org/WordPress_Multisite_Domain_Mapping)

In the link above describing how to setup SSL encryption, wordpress instructs, “Install SSL for the primary domain and use SERVER NAME INDICATION (SNI) for all other domains. Every domain should have SSL installed to ensure encrypted admin login.”

Does letsencrypt support SNI, and could you please point me to a resource about setting it up if so?

If not, or if there is a better approach, how can we setup LE to work with a wordpress multisite network?

The ultimate goal here, if possible, is to not have to go into the server environment and manually setup a vhost file each time a new TLD is mapped. I was thinking about writing a script to automate the process, or a cron job, if LE requires a .conf file per domain name.

(Current server environment is LAMP, ubuntu 17.04 with Apache 2.4)

stevenzhu · February 1, 2018, 2:43pm

Hi,

This question was answered:

SNI is about your server config, not what an SSL issuer can do.

You don't need to intentionally setup SNI, the thing you want is setup different ssl hosts.(however that is not what you wants to do if you don't want to set up vhost each time)

So, my suggestion at your situation right now :take advantage of SAN names LE can issue (Up to 100 domains). Which means only use one cert that contains all your client domains.(Or you probably need to setup virtual hosts for each domain).
**Warning:**If you use this method, remember to add each new san to your existing vhost.

Actually, the ultimate (personal) suggestion is to get a CPanel and add domains under one account, use letsencrypt automatic SSL. (That's easier but costs more each month)

Thank you and good luck,

Steven Zhu

kameleon1er · February 14, 2018, 2:14pm

Hi there, got the same questions on this kind of Wordpress MU + VPS + LetsEncrypt configuration.

In my : /etc/apache2/sites-available

I have :

- 000-default.conf
- default-ssl.conf

and my WordPress MU Apache2 conf like :

MyWordpressMU.conf    
MyWordPressMU.subsite1.conf (port :*:80)
MyWordPressMU.subsite2.conf (port :*:80)

but I have also for another mu install :

MyWordPressMU.subsite3.conf (port :*:80)
+
MyWordPressMU.subsite3-le-ssl.conf (with ssl directives inside)(port :*80 and port *:443)

If I want put my WPressMU with SSL, do I need 2 apache VHosts per external domain (from my client : DNS zone > my IP-Server) or may I just have one with *80 and *443 directives in just one file ?

If my WordPress MU (the Master) is with SSL, is all subsites works with the Master-ssl.conf or do I need to configure one SSL-vhost per subsites ?

I hope to be clear enough it’s still little confusing in my mind.

Thanks a lot.

system · March 16, 2018, 2:14pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.