Detailed instructions on how to install SSL on a single mapped domain within subdirectory structure

I have a multisite network that has a subdirectory (not subdomain) structure. I’m trying to install SSL on one of the mapped domains. I’ve successfully used the wpmudev Domain Mapping plugin to map the domain, which is working fine.

I know how to use a single SSL for the entire network (which I have working properly), but am trying to get an SSL attached to a specific mapped domain, so as to avoid the ugly certificate mismatch warning. Once I know how, I plan to repeat the process for all my mapped domains on the network.

Can you point me to any articles or write up some instructions on how I can accomplish this for a single mapped domain? I have a VPS with SNI and Let's Encrypt installed. cPanel, WHM, and SSH root access of course. Thanks!

  • Kasia Swiderska
    • Support nomad

    Hello xbladerunner,

    Did you check the cPanel documentation about SNI: https://documentation.cpanel.net/display/ALD/Install+an+SSL+Certificate+on+a+Domain#InstallanSSLCertificateonaDomain-SNIandmultiplecertificates ? About installing SSL certificates with Let's Encrypt, we have a great article here: https://premium.wpmudev.org/blog/free-ssl-https-cpanel/

    If you have installed the certificate, then you map your domain with the https schema.

    There are a few threads on the forum about mapping domains with separate SSL, but they mostly recommend using Cloudflare free SSL that should be less problematic to use: https://premium.wpmudev.org/forums/topic/how-to-setup-ssl-for-mapped-domains

    Let me know what exact step is problematic in the cPanel documentation and we will try to resolve it.

    kind regards,

    Kasia

  • xbladerunner
    • Syntax Hero

    Thanks Kasia!

    I’m using the official cPanel plugin for Let's Encrypt. It is successfully installed, and designated as my choice for autossl. My multisite network has its own cPanel, and I’ve granted privileges in WHM for the user name for that cPanel account to use autossl.

    The network subsite of which I wish to provide its own SSL is mapped via our (WPMUDEV) Domain Mapping plugin, and configured as https://www.site3.com and https://site3.com, with the front end redirected to the primary (mapped) domain. This part works fine, e.g., you go to the site when you type it in, BUT you get a certificate mismatch error as site3 is still using the network certificate instead of its own.

    I have added an addon domain in cPanel for site3, and from WHM I have run autoSSL for all users. When I check the autoSSL error log, I find that the addon domain is detected, but has a “failed domain control validation” error associated with it — specifically it says that the addon domain “does not resolve to any IP4 addresses on the internet”… I’m unclear on what to do next to resolve the issue.
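
A pre-flight check for the two symptoms in the post above (AutoSSL finding no IPv4 address for the addon domain, and the mapped domain being served the network certificate), as an added example that is not part of the original thread. The function names, the `192.0.2.10` server address and the `network.example` names are assumptions; `site3.com` is the placeholder used in the post.

```python
import socket
import ssl


def san_covers(hostname, dns_names):
    """True if hostname matches one of a certificate's dNSName entries
    (case-insensitive; '*' only as the whole left-most label, one label deep)."""
    host = hostname.lower().rstrip(".")
    for name in dns_names:
        pattern = name.lower().rstrip(".")
        if pattern == host:
            return True
        if pattern.startswith("*."):
            head, _, tail = host.partition(".")
            if head and tail == pattern[2:]:
                return True
    return False


def resolves_to(hostname, server_ipv4):
    """True if hostname has an A record equal to server_ipv4. Domain control
    validation cannot succeed while this is False."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return False  # no IPv4 address at all, the case reported in the AutoSSL log
    return server_ipv4 in {info[4][0] for info in infos}


def served_dns_names(hostname, server_ipv4, port=443):
    """Connect to the server IP, send hostname via SNI, return the cert's dNSNames."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # chain is still verified; names are compared below
    with socket.create_connection((server_ipv4, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def check_mapped_domain(hostname, server_ipv4):
    """Report which of the two problems, if any, affects a mapped domain."""
    if not resolves_to(hostname, server_ipv4):
        return "dns: %s has no A record pointing at %s" % (hostname, server_ipv4)
    names = served_dns_names(hostname, server_ipv4)
    if not san_covers(hostname, names):
        return "tls: served names %s do not cover %s" % (names, hostname)
    return "ok"
```

Run `check_mapped_domain` once for the bare domain and once for the `www` name, since the post maps both and each must appear in the certificate served under SNI.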

  • Ash
    • WordPress Hacker

    Hello xbladerunner

    Do you have let’s encrypt ssl certificate for all domains? Is it configured as multidomain SSL?

    Here is an article you can take help with: https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-certificates-for-multiple-apache-virtual-hosts-on-ubuntu-14-04

    I would recommend to try the mapped domain as standalone first, without mapping to any subsite. First you need to make sure that the mapped domain works, and then map the domain using domain mapping tool.

    Have a good day!

    Cheers

    Ash

  • xbladerunner
    • Syntax Hero

    Thanks Ash,

    > Do you have let’s encrypt ssl certificate for all domains?

    I’m not sure what you mean. I have the lets_encrypt_autossl_provider installed, as described here: https://halfelf.org/2016/lets-encrypt-cpanel/

    The article you provided describes using a different installation, one which does not automatically assign addon domains a certificate. The official cPanel installation of Let's Encrypt provides for auto certification of addon domains AS WELL AS auto renewal. The EFF one (described in the article you provided) appears to only provide auto renewal — you have to use a terminal each time you want to add a certificate.

    Now if I could only get it to work…

    > I would recommend to try the mapped domain as standalone first, without mapping to any subsite. First you need to make sure that the mapped domain works, and then map the domain using domain mapping tool.

    I’m totally lost in your directions here — could you phrase it differently? I’m using the WPMUDEV Domain Mapping Plugin — are you suggesting I map the domain name of the subdirectory in a different way? e.g., how do I make sure a mapped domain works before I map it? (I mentioned earlier that the domain mapping plugin is appropriately redirecting visitors to the proper location — but that’s not what you mean, right?)

    I am able to get Let's Encrypt to create a certificate correctly for the main domain of a cPanel account, but not on a subdirectory of the multisite network…

  • Ash
    • WordPress Hacker

    Hello xbladerunner

    Sorry for being not so clear in my earlier reply.

    > I am able to get Lets Encrypt to create a certificate correctly for main domain of a cPanel account

    I wanted you to make sure of this for the addon domain too before mapping :)

    So, for example, your main domain is abc.com and your mapped domain is xyz.com. What I wanted you to test more is: unmap the domain and point it to a subdirectory. Now visit https://xyz.com and check if you still see a warning. This way we can confirm whether there is any issue with the domain mapping plugin or not. If it doesn’t work then we are sure the issue is with the SSL setup. In that case your host may suggest you better.

    Please let us know how it goes.

    Have a good day!

    Cheers

    Ash

  • xbladerunner
    • Syntax Hero

    Thanks Ash —

    I think I figured it out, but I want to do some more testing. I’m planning to write a step-by-step tutorial this week on how to do it for a developer presentation I have this weekend. I’ll post back here later this week to close the ticket if all is well :)
