SSL problem WordPress multisite

Client has SSL certificates for both sites in this installation but no wildcard certificate. Is it still possible to install the certificates on both websites?

I have read and searched through the support department but can't find the answer to my question.

I also granted support acces in the website so you can take a look.

  • Adam Czajczyk
    • Support Gorilla

    Hello Ariane

    I hope you’re well today and thank you for your question!

    I’m not quite sure what do you mean by “both sites”: do you mean main site of Multisite and the sub-site that has the mapped domain (cert for that mapped domain)? Or do you mean mapped domain and original sub-domain of that mapped domain?

    If only your host supports SNI you can install as many SSL certs on a single account as you want. However, the question is how will the site work with them.

    Since this is a sub-domain based Multisite, if you want to protect mapped domain with SSL certificate, the original sub-domain should actually also be protected with SSL certificate in order to avoid mixed-content/CORS issues. So: if you got a cert for original sub-domain and another one for a mapped domain then yes – you can keep the main site and other sub-sites on non-secure http connection and only SSL-protect that one sub-site with mapped domain.

    But if you have a non-wildcard cert for the main domain and another one for the mapped domain of the sub-site, this will most likely cause some mixed-content/CORS-policy issues. There are 3 alternative ways to deal with it:

    1. Get an additional SSL certificate for that specific sub-domain of the site that’s got mapped domain

    2. Instead of non-wildcard certificate for the main domain, get a wild-card one (so it will cover all current and future sub-sites)

    3. Instead of adding/changing certificates, turn your Multisite install from sub-domain based to sub-folder based because for sub-folder based install you don’t need wildcard certificate to protect entire install. Take a look here, please:

    https://premium.wpmudev.org/blog/change-multisite-sub-directories-sub-domains/

    Please note: in all these cases you’d still need a certificate for a mapped domain too.

    Personally, I’d rather go for the 2nd option as the first one is not a “long-term solution” and the last one can sometimes be a bit risky (well, it’s not that risky but might result in some unexpected issues that would then need to be tracked down and solved).

    If you have any additional questions, let me know please.

    Kind regards,

    Adam

  • splaquet
    • The Incredible Code Injector

    Assuming that the primary website has a dedicated IP, this is possible.

    – create an add-on domain

    — use new .com

    — set the add-on name to something other than the domain name (eg: domainname.com would be domainnamecom, or anything else other than domainname.com)

    — set the root folder to /public_html

    I went through a ton of headaches while trying to setup a multisite with 6 different mapped domains, each with their own SSL cert and a wildcard on the primary. After working with cPanel to find a solution, we ultimately find out that *if the domains are hosted under/on the same cPanel account, they cannot have the same name as the account*

    Hope that helps!

  • Ariane
    • Design Lord, Child of Thor

    Hi Splaquet,

    I started to type an answer yesterday but I think I forgot to hit ‘Post’ .

    This issue is working now, client had a Positive SSL Multi-domain and I got it working with that.

    Thanks for your reply!

  • Ariane
    • Design Lord, Child of Thor

    While trying to add a third website I am having problems again.

    How should the new domain, novurania.eu be in Plesk?

    Do I use forward to? and then to main domain (jettender.com), subdomain (novurania.jettender.com) or wildcard domain (*jettender.com)

    Really greatfull for answers.

    Ariane

  • Adam Czajczyk
    • Support Gorilla

    Hello Ariane

    Redirect/forwarding is not a good way to go here. What you need is to make sure that the “root folder” (sometimes referred to as a “document root” too) for that new domain is set to the same exact path as the “root folder” for the main domain of your multisite.

    That will result in that new domain loading the main site of your multisite (though probably with some styles missing) before doing any mapping. Then, after you map the domain, WordPress will take care of the rest.

    Kind regards,

    Adam

  • splaquet
    • The Incredible Code Injector

    yeah, what you’re looking for in Plesk is “add-on domain”. and again, you need to make sure that it’s name IS NOT “novurania”. You’d need to use “novuraniaeu”, or something/anything other than “novurania”.

    you brought up a good point. you’ll need to ensure that you have an A record DNS entry for *, pointing to your dedicated IP. it might take a quick minute for that new info to propagate, if you’re doing it just now. i couldn’t figure out why it wasn’t working on my end. I then realized that i wasn’t being patient :wink:

    – create your new multi-site instance, such as novurania.jettender.com

    – create a new add-on domain for novurania.eu

    — domain: novurania.eu

    — name: novuraniaeu

    — root/home folder: public_html (as Adam Czajczyk mentioned, you don’t want it pointing to your newly added novuraniaeu folder, which is where it’s going to want to point it to by default)

    — install your SSL cert for novurania.eu

    — let the magic happen (the magic that is DNS propagation :wink: ), and that should do ya

    ***

    as I mentioned, i truly stumbled through this process myself. i was working with cPanel support to figure it all out. they found out that it’s the way that Apache works and how it handles the httpd.conf content. when you don’t use something other than novurania.eu for the name, it will try and create a duplicate entry *in the wrong place*. That’s what causes the inability to apply the SSL cert in the end, if you don’t follow the process that I’ve outlined above.

    I realize that this is a slightly more advanced setup than most folks have, but it’s still something that I feel should be included in “WPMU’s Ultimate Guide to Setting up MultiSite”. I’ve mentioned to Mr. James Farmer that he should consider adding this section into the guide… because you’re not the first and you won’t be the last, bumping into this quirk.

    i’d assume that the guide was drafted up, assuming that most folks have their mapped domains handled at third party locations. if that was the case, their Ultimate Guide would be spot on. the problem is that the Guide takes you down a path assuming that you’re not going to be hosting SSL certificates and mapped domains locally. if that is the case, the guide actually steers you down the wrong path. figuring out what you did wrong is mind numbing… well, it was for me at least :wink:

    i have a feeling that we’re going to see this scenario happening more often, as SSL certs are becoming more popular than ever. James Farmer, maybe that’s a good enough reason to update that “Ultimate Guide” that you folks have :wink:

    • Adam Czajczyk
      • Support Gorilla

      Hi splaquet

      I hope you’re doing fine today :slight_smile:

      That’s insightful feedback, I think you mentioned some important points here so thank you for that! I appreciate you taking the time and effort to share it with us (I already made some points flying your way) and I’m sure it will help other Members too.

      I have also forwarded your recent post to our writers for further consideration, especially the part of the “naming” seems very important to me as it might be often totally overlooked and quite easy to miss while causing serious issues at the same time.

      Thanks for being such an active and helpful Member of our Community!

      Best regards,

      Adam

  • splaquet
    • The Incredible Code Injector

    awesome Ariane !

    …but seriously… unless you had to stumble and fumble through it (like I did), who would have ever thought that you had to set something, that seems so insignificant, from domain.com to domaincom ?!#@

    Thank you kindly for your kind gift(s)… from all of you actually! :smiley:

    I’m a few steps closer on my 15 year venture for a free membership :wink:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.