• I am new to this – but I have set up a site with a network multisite setup, using subdomains.

    When I apply a Let’s Encrypt SSL certificate to the domain, it is not picking up the virtual subdomains; it only picks up on subdomains created as webspaces.

    What fix or setting is available to get around this?

    P.S. This is a testing site and not the actual domain.

  • Please give a real sample sub/domain so we can run some tests.

    The subdomain you gave shows a DNS_PROBE_POSSIBLE error.

    Thread Starter nigelrs

    (@nigelrs)

    Hello,

    I had the server ‘work a fudge’ during testing, so the subdomains had a temp cert applied from the server.


    This is another testing page:

    https://work-well.nigelsinger.com/

    and reads net::ERR_CERT_COMMON_NAME_INVALID

    Thread Starter nigelrs

    (@nigelrs)

    Privacy error (lifetoolscorporationltd.co.uk)

    This is a domain page with the net error. My understanding is Let’s Encrypt does not cover virtual domains via a wildcard; it can only cover main domains or actual subdomains.

    My understanding is Let’s Encrypt does not cover virtual domains via a wildcard; it can only cover main domains or actual subdomains.

    That “understanding” is totally wrong.

    Let’s Encrypt supports two validation methods (or challenge types): HTTP (HTTP-01 challenge) and DNS (DNS-01 challenge). See the official documentation here: https://letsencrypt.org/docs/challenge-types/

    For virtual (sub)domains, you cannot use the HTTP validation method… because there’s no place to put the acme-challenge token. So you MUST use the DNS validation method by adding the challenge token to a _acme-challenge.<YOUR_DOMAIN> TXT record.

    If you’re using some hosting control panel or provider that does not permit DNS validation, then that’s where the limitation is… and not Let’s Encrypt.

    https://workplace.lifetoolscorporationltd.co.uk/

    The SSL error on this page has nothing to do with Let’s Encrypt or even WordPress Multisite virtual subdomains.

    You already have a Let’s Encrypt wildcard subdomain certificate for lifetoolscorporationltd.co.uk. Please see: https://www.ssllabs.com/ssltest/analyze.html?d=lifetoolscorporationltd.co.uk

    But on the subdomain workplace.lifetoolscorporationltd.co.uk, you’re loading a certificate issued for vps4.lifetools.com. So there’s a certificate/hostname mismatch, hence the ERR_CERT_COMMON_NAME_INVALID privacy warning.

    This is a server/vhost misconfiguration.
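The hostname check behind ERR_CERT_COMMON_NAME_INVALID, as an added example that is not part of the original reply. The SAN lists are constructed from the thread's description, and `san_matches`, `covering_names` and `served_sans` are hypothetical helper names.

```python
import socket
import ssl


def san_matches(hostname: str, pattern: str) -> bool:
    """RFC 6125-style match: '*' may only be the whole left-most label
    and stands for exactly one label."""
    host = hostname.rstrip(".").lower().split(".")
    pat = pattern.rstrip(".").lower().split(".")
    if len(host) != len(pat):
        # *.example.com covers neither example.com nor a.b.example.com
        return False
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat


def covering_names(hostname: str, sans: list[str]) -> list[str]:
    """SAN entries that cover hostname; an empty list means a name mismatch."""
    return [s for s in sans if san_matches(hostname, s)]


def served_sans(hostname: str, port: int = 443) -> list[str]:
    """DNS SANs of the certificate the server presents for hostname (SNI).
    The chain is still validated; only the name check is skipped so a
    mismatched certificate can be inspected."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            cert = tls.getpeercert()
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]


# Constructed SAN lists (assumed shape, based on the thread's description).
WILDCARD_CERT = ["lifetoolscorporationltd.co.uk", "*.lifetoolscorporationltd.co.uk"]
SERVER_DEFAULT_CERT = ["vps4.lifetools.com"]

if __name__ == "__main__":
    site = "workplace.lifetoolscorporationltd.co.uk"
    for label, sans in (("wildcard", WILDCARD_CERT), ("vhost default", SERVER_DEFAULT_CERT)):
        hits = covering_names(site, sans)
        print(f"{label}: {'covered by ' + hits[0] if hits else 'MISMATCH'}")
```

Calling `covering_names(host, served_sans(host))` against a live site shows which certificate the vhost actually hands out for that name.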

    Thread Starter nigelrs

    (@nigelrs)

    I appreciate what you are saying.

    I want to say from my experience, when I installed LE on my domain, from my Plesk panel, I selected a wildcard option. It puts the record as a TXT record acme-challenge.<YOUR_DOMAIN>.

    However, that still does not cover the issue that the certificate is only covering the main domain, even with the wildcard option on the SSL. Even if I create a physical subdomain, that isn’t being picked up by LE; you have to go into that and apply its own SSL. It could well be a configuration issue with LE and the server – but I cannot find a way around it. I have even been to the server people, I have tried a ServerAlias in Apache doubling up with a wildcard – all to no effect.

    But thanks for your input. I have to look elsewhere.
