SSL problem WordPress multisite

Client has SSL certificates for both sites in this installation but no wildcard certificate. Is it still possible to install the certificates on both websites?
I have read and searched through the support department but can't find the answer to my question.
I also granted support access in the website so you can take a look.

  • Adam Czajczyk

    Hello Ariane

    I hope you're well today and thank you for your question!

    I'm not quite sure what you mean by "both sites": do you mean main site of Multisite and the sub-site that has the mapped domain (cert for that mapped domain)? Or do you mean mapped domain and original sub-domain of that mapped domain?

    If only your host supports SNI you can install as many SSL certs on a single account as you want. However, the question is how will the site work with them.

    Since this is a sub-domain based Multisite, if you want to protect mapped domain with SSL certificate, the original sub-domain should actually also be protected with SSL certificate in order to avoid mixed-content/CORS issues. So: if you got a cert for original sub-domain and another one for a mapped domain then yes - you can keep the main site and other sub-sites on non-secure http connection and only SSL-protect that one sub-site with mapped domain.

    But if you have a non-wildcard cert for the main domain and another one for the mapped domain of the sub-site, this will most likely cause some mixed-content/CORS-policy issues. There are 3 alternative ways to deal with it:

    1. Get an additional SSL certificate for that specific sub-domain of the site that's got mapped domain

    2. Instead of non-wildcard certificate for the main domain, get a wild-card one (so it will cover all current and future sub-sites)

    3. Instead of adding/changing certificates, turn your Multisite install from sub-domain based to sub-folder based because for sub-folder based install you don't need wildcard certificate to protect entire install. Take a look here, please:

    https://premium.wpmudev.org/blog/change-multisite-sub-directories-sub-domains/

    Please note: in all these cases you'd still need a certificate for a mapped domain too.

    Personally, I'd rather go for the 2nd option as the first one is not a "long-term solution" and the last one can sometimes be a bit risky (well, it's not that risky but might result in some unexpected issues that would then need to be tracked down and solved).

    If you have any additional questions, let me know please.

    Kind regards,
    Adam
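
The certificate coverage described in the answer above can be checked before anything is installed. This is an added example, not part of the original thread: the SAN lists are constructed, and it assumes `jettender.com` is the main site, `novurania.jettender.com` the original sub-domain and `novurania.eu` the mapped domain (hostnames taken from later in this thread).

```python
# Added example: which multisite hostnames does each certificate set cover?
# Hostnames come from the thread; the SAN lists are constructed samples.

def san_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match. '*' is accepted only as the entire leftmost
    label and stands for exactly one label, so *.jettender.com covers
    neither jettender.com nor a.b.jettender.com."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def coverage(certs: dict, hosts: list) -> dict:
    """Map each host to the first certificate whose SANs cover it, else None."""
    return {
        host: next((name for name, sans in certs.items()
                    if any(san_matches(s, host) for s in sans)), None)
        for host in hosts
    }

def uncovered(certs: dict, hosts: list) -> list:
    """Hosts that would be served without a matching certificate."""
    return sorted(h for h, c in coverage(certs, hosts).items() if c is None)

# Names a sub-domain multisite with one mapped domain answers on (assumed roles).
HOSTS = ["jettender.com", "novurania.jettender.com", "novurania.eu"]

# Starting point in the thread: two non-wildcard certificates.
NON_WILDCARD = {"main": ["jettender.com", "www.jettender.com"],
                "mapped": ["novurania.eu"]}
# Option 1: add a certificate for the original sub-domain.
OPTION_1 = {**NON_WILDCARD, "subsite": ["novurania.jettender.com"]}
# Option 2: replace the main certificate with a wildcard one.
OPTION_2 = {"main": ["jettender.com", "*.jettender.com"],
            "mapped": ["novurania.eu"]}

if __name__ == "__main__":
    for label, certs in [("non-wildcard", NON_WILDCARD),
                         ("option 1", OPTION_1), ("option 2", OPTION_2)]:
        print(f"{label}: uncovered = {uncovered(certs, HOSTS)}")
```

The non-wildcard set leaves the original sub-domain uncovered, which is the source of the mixed-content issues mentioned above; options 1 and 2 both close the gap.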

  • splaquet

    Assuming that the primary website has a dedicated IP, this is possible.

    - create an add-on domain
    -- use new .com
    -- set the add-on name to something other than the domain name (eg: domainname.com would be domainnamecom, or anything else other than domainname.com)
    -- set the root folder to /public_html

    I went through a ton of headaches while trying to set up a multisite with 6 different mapped domains, each with their own SSL cert and a wildcard on the primary. After working with cPanel to find a solution, we ultimately found out that *if the domains are hosted under/on the same cPanel account, they cannot have the same name as the account*.

    Hope that helps!

  • Adam Czajczyk

    Hello Ariane

    Redirect/forwarding is not a good way to go here. What you need is to make sure that the "root folder" (sometimes referred to as a "document root" too) for that new domain is set to the same exact path as the "root folder" for the main domain of your multisite.

    That will result in that new domain loading the main site of your multisite (though probably with some styles missing) before doing any mapping. Then, after you map the domain, WordPress will take care of the rest.

    Kind regards,
    Adam

  • splaquet

    yeah, what you're looking for in Plesk is "add-on domain". and again, you need to make sure that its name IS NOT "novurania". You'd need to use "novuraniaeu", or something/anything other than "novurania".

    you brought up a good point. you'll need to ensure that you have an A record DNS entry for *, pointing to your dedicated IP. it might take a quick minute for that new info to propagate, if you're doing it just now. i couldn't figure out why it wasn't working on my end. I then realized that i wasn't being patient :wink:

    - create your new multi-site instance, such as novurania.jettender.com

    - create a new add-on domain for novurania.eu
    -- domain: novurania.eu
    -- name: novuraniaeu
    -- root/home folder: public_html (as Adam Czajczyk mentioned, you don't want it pointing to your newly added novuraniaeu folder, which is where it's going to want to point it to by default)

    -- install your SSL cert for novurania.eu

    -- let the magic happen (the magic that is DNS propagation :wink: ), and that should do ya

    ***

    as I mentioned, i truly stumbled through this process myself. i was working with cPanel support to figure it all out. they found out that it's the way that Apache works and how it handles the httpd.conf content. when you don't use something other than novurania.eu for the name, it will try and create a duplicate entry *in the wrong place*. That's what causes the inability to apply the SSL cert in the end, if you don't follow the process that I've outlined above.

    I realize that this is a slightly more advanced setup than most folks have, but it's still something that I feel should be included in "WPMU's Ultimate Guide to Setting up MultiSite". I've mentioned to Mr. James Farmer that he should consider adding this section into the guide... because you're not the first and you won't be the last, bumping into this quirk.

    i'd assume that the guide was drafted up, assuming that most folks have their mapped domains handled at third party locations. if that was the case, their Ultimate Guide would be spot on. the problem is that the Guide takes you down a path assuming that you're not going to be hosting SSL certificates and mapped domains locally. if that is the case, the guide actually steers you down the wrong path. figuring out what you did wrong is mind numbing... well, it was for me at least :wink:

    i have a feeling that we're going to see this scenario happening more often, as SSL certs are becoming more popular than ever. James Farmer, maybe that's a good enough reason to update that "Ultimate Guide" that you folks have :wink:
