wild cards and ssl for subdomains

I got this note on wp..
"You run a Multisite installation with subdomains, but your site doesn't have a wildcard certificate. This leads to issues when activating SSL networkwide since subdomains will be forced over SSL as well while they don't have a valid certificate. Activate SSL per site or install a wildcard certificate to fix this."
However, my cPanel shows that i have a wildcard ssl installed. I am new to this side of the IT world. Please can you assist a newbie

  • Adam Czajczyk

    Hello Daelan

    I hope you're well today and thank you for your question!

    I checked your site and the certificate that it's using and it seems to be valid only for your main domain. You can see it for yourself by opening the site in Chrome browser, clicking on a padlock on a left to the site URL and then on "Certificate" link there. The field "Issued to" contains only your main domain, without * in front of it, which means it's not a wild-card certificate.

    There's also a check here that you can run on your site:

    https://www.digicert.com/help/

    It doesn't confirm it's a wild-card certificate.

    That being said, if you can see in a cPanel that the certificate is supposed to be a "wild-card" one, are you sure that you're checking the certificate for a right domain? Is that a paid or a free certificate (issued via cPanel's Auto-SSL)?

    Best regards,
    Adam

  • Daelan

    Hi Adam,

    And thank you for your reply. If you don't mind me going back a few steps and explaining myself first.

    As I said before I'm new to this SSL thing and my coding experience hasn't ever covered SSL etc.

    What I need to know is what is the difference between a subdomain in cPanel and a subdomain in WordPress?

    I created a subdomain in cPanel and then installed wp and it gave me a new environment on wp. What I'm trying to achieve with not much luck (and way tooo much effort) is, create the subdomain in wp or cPanel and have it listed with the necessary ssl certificates etc.

    My hosting company keeps giving plugin advice. I would rather have the technical advice first.

    Regards
    Daelan

  • Adam Czajczyk

    Hello Daelan

    Let me try to explain it a bit more then :slight_smile:

    This is about the multisite so the thing to start with is to know that there are two types of WordPress Multisite setups: a "subfolder" based setup and a "subdomain" based setup.
    The first one means that if the main site of Multisite is at "domain.com", it subsites (blogs) will have addresses like "domain.com/site", "domain.com/othersite", "domain.com/testblog" and so on.

    The "subdomain" setup means that if the main site is at "domain.com", subsites will have addresses like "site.domain.com", "othersite.domain.com" and so on.

    Since we're dealing with a "subdomain" setup let's focus on this one. The important thing is that WordPress itself does not "create subdomain". Domain/sub-domain configuration - this is entirely a server side thing and WordPress actually have not much to do with it. It only "uses it" so whenever we're talking about creating a sub-domain or a "wild-card for the domain" we are talking about a "server-side" thing. CPanel is a special tool to manage server (and again - it doesn't have anything to do with WordPress itself directly) so in your case "sub-domain" would mean creating a sub-domain in cPanel.

    That being said, for a "sub-domain based WordPress Multisite" you do not need to create any sub-domains in cPanel manually. Instead so called "wild card sub-domain" should be created for your main domain. A "wild-card" sub-domain is "catch-all" subdomain, represented by * (asterisk) in DNS system.

    "Catch all" means that a "wild card subdomain" will catch all the subdomains for a given domain. It will handle "test.domain.com", "site.domain.com" and whatever you put in front of ".domain.com" without any need to create such such subdomain in cPanel specifically. I hope that's understandable so far :wink:

    Now, the way you create "wild card" depends on the host. In some cases you create it directly in DNS, in some you just go to "sub-domains" in yoru cPanel and create * (asterix) sub-domain for you given domain. It's important that this * sub-domain would also have a "root folder" (you'll notice that setting in cPanel) set to be the same as "root folder" for the domain that you're using for your site. In other words.

    if your site is at "domain.com" and "root folder" for domain.com is "/home/domain.com/public_html", a "root folder" for "*.domain.com" (wild-card) should also be "/home/domain.com/public_html".

    Now, at this point there is no need to create any other sub-domains or install any other WordPress installations. There would be one install and it would handle all the sub-sites. So, once you got your WordPress installed at "domain.com" (and configured to be multisite) and you got a "wild card subdomain" set up - that's all you need and WordPress would automatically handle any new subsites you create.

    Then we need to get back to the initial issue, that is an SSL certificate. A certificate is always issued "for the domain" and there can be a regular "single domain" certificate (that's usually "default" thing) and a "wild card" certificate. A single domain certificate will only cover "domain.com" while "wild card" certificate will cover "*.domain.com" so a "domain.com" and all its sub-domains at once.

    Such a certificate should be issued and installed for your site's main domain and that's what's missing here. I'm not sure exactly about your current setup but I think the first thing to be sorted out would be the actual WP and sub-domain (cPanel) setup and then making sure that the certificate for your Multisite main domain is actually a wild-card and is installed for that domain (not any sub-domain).

    Does that help a bit?

    Best regards,
    Adam

  • Daelan

    Hi Adam,

    Thank you so much for such an excellent explanation. Wow! I hope they pay you well for your in-depth knowledge. I fully understand everything now.

    I sent your first answer to my hosting company. They called me and explained that it was not a wildcard ssl certificate. They told me that there was a cost but in their way I think they gave it to me for free. I got an email explaining what I should and do and not to bother though and that the changes have already been applied etc etc. I retested my websites on digicert.com and all the ticks are green!!!!!!

    I look forward to having a great team like WPMU DEV behind me now to help when I need it.

    THANK YOU SO MUCH!!!!!!!!!!

    Regards
    Daelan

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.