Wordpress Multisite, wildcard domains, and mapped domains - how to?


Here is the scenario.

My Wordpress Multisite network is located at gastonia.com. Clients sign up to get a website, immediately available at clientsite.gastonia.com (for example).

At this point, all subdomains should be covered by SSLby Let’s Encrypt Wildcard certificates.

After they finish building their website they have the option to map their domain to their subdomain via a configuration form in Wordpress (See screenshot) 37%20AM. After setting that, their website is then available at clientsite.com. Internally, Wordpress Multisite handles this - no need to configure Apache vhost files.

Ideally as soon as they make the change, their website should be immediately covered by SSL.

Is this possible to configure it this way? Would the wildcard certificate actually cover the mapped exampleclientsite.com as well?

If this is possible, how can I set this up?

If this is not possible, and I will have to go into the server to create a certificate for each mapped client domain, what’s the best way to do that?

Not long ago, I wrote this post, before I knew really what was going on, and it used the Apache approach. Now that I’ve learned a bit more, I’m wondering if the webroot approach would be best. If that’s the case, after I setup wildcard support, when a client is ready to map their domain to their sub domain and I have to manually go in and do it, can I use the webroot method even if all domains point back to the same root?

(The LE Documentation for webroot states " … potentially in a different domain." Sounds like webroot would be ideal for this?)

Typical in a wordpress multisite setup, all websites share the same base file structure. The site is installed at /var/www/html. Assets for each network site are stored at /var/www/html/wp-content/uploads/sites/site[1,2,3,etc] but these are only image files, mostly.

Our company consults on installing mutisite networks for clients. I’m endeavoring to put together a guide and share it with the community. I think a lot of people are going to want to have this same setup, so any help is understand the steps is greatly appreciated.




It’s me again.

Here’s what i did for WPMU: (First few steps are the same)

  1. My friends signed up, got a subdomain that is covered by https (wildcard)
  2. Map their domain to my records
  3. notify me so i can add Nginx vHost for their domain and apply certificate for them (Now i use DNS challenges. But webroot should work better since certbot won’t need to edit the config file much)

That’s all

Few reasons I use different vHost than one vHost:

  1. Can use Different Certificate (One vHost can only have one certificate, as what i know)
  2. Can setup different rewrite rules (Like password auth.)
  3. I don’t need to edit the long config file (if all site in one vHost)

Here are (some) answers to your question:

That is ideal. But I haven’t figured out a way to do it… (Since it needs to modify server config as well as hostnames, also apply for a certificate, reload apache)

The wildcard certificate itself won’t include your new added domains naturally, you’ll need to expand the certificate to include it. (You might hit rate limit. That’s another reason I want to use separate vHost than only one, so use SNI and get another dedicated certificate)

I think it’s possible, but have no idea how to archive it… (Sorry:grinning:)

For now, that might be the only way you can do. (Until you or someone make an automation for the certificate issuance process)

You can. WebRoot is setup another root temporarily to verify the domain (instead of using your configured path in config files). However, i think you still need to manually do this process. (Enter commands) until you find a way to automate it.

If you have a huge amount of clients.
Consider using cPanel??

They released a cPanel Solo account that might be what you want (I mean… for certificate part… since you just need to enable autossl and add the domain to your server on cPanel)

Thank you


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.