SSL certificates on mapped domains

Can I install SSL certificates on a mapped domain(using A/CNAME records.)
Would I install this on my side or from the domain registers of the domain to be mapped?
If I can, how do I go about this?

  • Jude

    Howdy Stephen

    Hope you are keeping well and welcome to the community !

    This should be possible, but you will need to install this on your end. Take a look at these write ups on how to do this step by step

    https://premium.wpmudev.org/blog/ssl-https-wordpress/
    https://premium.wpmudev.org/blog/ssl-domain-mapping/
    https://premium.wpmudev.org/blog/domain-mapping-update/

    Oh also take a look at this, its fully free SSL certs

    https://letsencrypt.org/

    Cheers
    Jude

  • Stephen

    Ok. thank you.
    First, I am hosting my site with sitegroud which gives me unlimited ssl certificates from letsencrypt
    second, I looked through all the articles and none of them still answers my question.
    Look at it this way
    1. I want to install a separate ssl cert for each domain(one article recommends a multidomain ssl cert)
    2. after mapping, the full site will be secured without having to use the main site's ssl cert for secured pages.
    3. forcing https:// in the network admin will only work for the original domain and not the mapped domain.

    I know that there should be a way to achieve this(especially using the parked/addon domains). However, I do not want to be responsible for the other things my client may need the domain for(such as emails and ftp)

    The thing is that, there is not tutorial on how to do this. It seems like I should write a tutorial on this when I am done :wink:

  • Jude

    Hi there Stephen

    You are right about this .. looks like there is still not a good guide for this specific use case. I will give you top level pointers here in this post, let me know if you need further clarification on any of the points.

    1) Point all mapped domains as add ons to the folder where WP is installed

    2) Add Lets Encrypt certs for each mapped domain and restart Apache

    3) You can use htaccess to redirect HTTP to HTTPS as shown here.

    4) Under domain mapping settings, set Would you like to force http/https in front-end pages: to force http as shown in my screenshot

    With that you should have this system running

    Cheers
    Jude

    Cheers
    Jude

    • Stephen

      Thank you.
      It seems I was misunderstanding certain things.
      Here is what I have learnt;
      1. You would have to add the domains as parked/addon AFTER redirecting them from the client side through A/CNAME records. (I thought these were different methods themselves).
      2. When they have been added as mapped/addon, you can then purchase ssl certificates for them using the let's encrypt tool lin siteground cpanel
      3. Finally, when mapping the domain, you can then select whether or not it is http:// or https://

      This is what I intend to try. I have not done it yet to see if it works.(the new dns settings are still propagating.)
      I'll update this when I am done

  • Michael Bissett

    Hey Stephen,

    1. You would have to add the domains as parked/addon AFTER redirecting them from the client side through A/CNAME records. (I thought these were different methods themselves).

    Parked/Add-on domains are generally pointed to your hosting by specifying your host's nameservers (thus, DNS records are managed at the host), A/CNAME records wouldn't be required in that case. It would require that you, the site owner, would add each domain to your hosting's control panel.

    A/CNAME records would be used when you don't want to manage domains like this. The user wouldn't have to set up his domain to point to your nameservers, but your Multisite would need to have a dedicated IP address (and have said IP address point to the root folder for your Multisite), as the A/CNAME record would be pointing to that IP address.

    2. When they have been added as mapped/addon, you can then purchase ssl certificates for them using the let's encrypt tool lin siteground cpanel

    I've not used SiteGround's tool for this, but I feel it fair to bring up this piece from another discussion:

    With Multisite, there's a few things to consider:

    - Only a single certificate could be set up for a Multisite install, unless SNI is in use, an example of this setup would be laid out over here:

    https://www.digitalocean.com/community/tutorials/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apache-on-ubuntu-12-04

    - If the domains in question are subdomains (e.g. mysubsite.domain.com), you'll need to set up a wildcard SSL certificate for your server
    - If the domains in question are mapped domains (e.g. mysite.com), you'll need to have a UCC certificate set up for your Multisite.

    As for this:

    3. Finally, when mapping the domain, you can then select whether or not it is http:// or https://

    Yep, that's right. :slight_smile:

    Kind Regards,
    Michael

  • Stephen

    Well, I have tried my setup and it worked flawlessly. I did not have to change the DN servers. A records were enough to add the domain as addon.
    I am using SNI records so it is possible for me to have more than one ssl certificate for my domains..

    While using add-on domains does not seem necessary if A/CNAME records are already being used, that step is necessary to install an ssl certificate for the domain.

    I'll update if I discover any issues.
    To see how it's working, visit https://proudly.com.ng/stephencaosemene and https://agadyn.com

    Make sure to check the ssl certificates

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.