Can I use SSL with a Multi Network Setup?

I have created a Multi-Network environment - note Multi-Network not Multisite - and I wondered if a single SSL certificate that is currently used on the original domain can be used across all the Networks. The SSL Certificate was issued through Let's Encrypt but I didn't set it up so I am not sure how it is configured at the moment.

Thanks for any help in advance,

Regards
Mark

  • Fabio Fava
    • WordPress DevOps

    Hey Atkotech

    I have a Multi Network working with a single Let's Encrypt SSL at Cloudways. We're still waiting them (Cloudways) to implement the Wildcard Let's Encrypt SSL so it will make it a bit easier to hav working with sub-domains as well. But it works fine, as long as you add each of the domains on the Cert.

    Hope it helps, cheers.

  • Adam Czajczyk
    • Support Gorilla

    Hello Atkotech

    I hope you're well today and thank you for your question!

    The SSL is more of a "cert <-> domain" relationship rather than whether that's single, multi-site or multi-network WP install. I assume that by "single certificate" you mean a regular single-domain SSL certificiate, is that right?

    If so, that should work as long as your networks (multi-sites within multi-network) are installed under "sub-folder URL's" of main domain and they are "sub-folder setups" themselves.

    If they there are sub-domains involved, you'd need a wild-cart cert and if the multi-sites within multi-network are under their own domains - then you'd need either a multi-domain cert or separate certs for each of the domains.

    That's really not much different from any other case (e.g. from case of just a multi-site or multi-site with mapped domains) regardless of whether that's Multi-Network or not. The point is that the certificate(s) must cover domain(s) that are used :slight_smile:

    Best regards,
    Adam

    • Atkotech
      • Recruit

      Thanks for your reply Adam Czajczyk

      I am currently set up as using sub domains as the originating site was already in operation once I converted to multisite/multi-network.

      I spoke to the person who set up my SSL with Let's Encrypt & he told me

      "For example your clients would be able to log into webmail via webmail.mydomain.com. Currently that subdomain is reachable over HTTPS, so the SSL installed on the parent domain also includes the subdomains."

      With him telling me this I thought I best check it worked on Multi-Network before I delved any further in to my setup. I know from the WPMU-Dev blog it can be done on Multisite using a combination of Domain Mapping & Multi-Domains plugins as just one way.

      Thanks for your help,
      Mark

      • Adam Czajczyk
        • Support Gorilla

        Hi Atkotech

        If I correctly understand the certificate covers "wild-card" so if your sub-networks are under sub-domains that, I think, should be fine.

        Domain Mapping & Multi-Domains are a bit different thing though. They cannot be used to "map domains to sub-networks", I'm afraid. They can be used on multi-sites with every network and they would act "per multisite", but not per entire Multi-Network.

        Best regards,
        Adam

          • Adam Czajczyk
            • Support Gorilla

            Hi,

            Yes, that's right Fabio Fava, it should work fine this way :slight_smile: I only meant that Domain Mapping cannot be used on "network level" in that meaning that:

            - you got Multisite A under "a.domain.com"
            - you got Multisite B under "b.domain.com"

            - you can't use Domain Mapping plugin to map "something.net" domain do "b.domain.com" (the main site of the Multisite B child-network)

            But yes, you can use Multi-Domains on each of "sub-Multisites" (child-networks) and you can use Domain Mapping there and they should work just fine :slight_smile:

            I hope that clarifies what I had in mind, sorry for causing confusion :slight_smile:

            Cheers,
            Adam

          • Fabio Fava
            • WordPress DevOps

            Yes, just in my case I have different domains for each Child-Network:

            Main Network -> domain.com
            2nd Network -> domain2.com
            3rd Network -> domain3.com
            3rd Network's 1st Child-Site -> domainxyz.com

            And so on. So, just by each Network (Multisite) having a different domain. And as you've said, it works just fine. It all actually works very solid, stable.

            Cheers.

  • Atkotech
    • Recruit

    Thanks for your reply Fabio Fava

    Are you using individual domain names for each new site across your Networks? I don't plan on using new domain names for each site. At the moment they all are set up like xxx.mynetwork.com and will remain like that for the foreseeable future. Are you saying I need to add each sub-domain (xxx.mynetwork.com) on to the cert even though it is a sub-domain of the original domain as opposed to a new domain name? Shouldn't the cert already recognise the sub-domains as being the originating domain if it is set up as a wildcard?

    Thanks
    Mark

  • Fabio Fava
    • WordPress DevOps

    Hey Atkotech

    At Cloudways, you can add up to 100 domains to a single Let's Encrypt SSL, their Platform UI allows that. But it's a bity tricky to have child-sites using sub-domains, and not only SSL-wide. As Adam Czajczyk said, you'll need a Wildcard SSL to cover your sub-domains child-sites (wich tends to be expensive).

    I assume that later this year Cloudways will implement the Wildcard Let's Encrypt, and this will allow your setup to work with sub-domains, just adding *.domain.tld on your Cert. But it's not working yet and they don't give us a timeframe for this to be implemented. Hope that's soon.

    Cheers.

  • Atkotech
    • Recruit

    Okay I have some further news. Apparently everything checks out okay despite it not 'appearing' so in my browser. I have been given this link, I will post here in case anyone else needs to check validity of their own certificate now or in the future

    https://www.sslshopper.com/ssl-checker.html

    Everything checks out fine according to that link. It checks five key areas, mine passed four out of the five. The first is the IP the domain resolves to. The second is the server type. The third confirms the certificate should be trusted on all major browsers, the fourth details the expiry date of the certificate. The final point is where mine fails. It says;

    None of the common names in the certificate match the name that was entered (xxx.mydomain.net). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.

    I assume this is where I need to make sure my sub-domain is listed in the cert, right?

    Thanks again, guys

    Mark

  • Atkotech
    • Recruit

    Quick question on this matter. i am being told to create sub domains for each one that I want & then to request in my hosting a free certificate for each sub domain I need one for. If I physically create sub-domains won't that ruin my WordPress install? Also how could I do this on a Multi-Network platform as they can be much deeper than a simple sub domain. You can have something like xxx.mysubdomain.mymaindomain.com which you couldn't create in your DNS could you? Something I've never tried anyway.

    Mark

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.