Getting main ssl on subdomains

Step Zero: Are the sub-domains included in the SSL certificate?

If you have a wild-card SSL cert, it covers both the root domain and all sub-domains. Alternatively, you could include individual sub-domains in the SAN field.

Please confirm if your main domain’s certificate covers all your sub-domains.

Hi again. No. I’ve learned that Autossl including subdomains doesn’t mean WP multisite subs which aren’t server side.

I get “doesn’t match” browser messages for them and they are not listed under what is covered (ie Mail.site). How can I put them there?

What is the SAN field?

I don’t have SNI done either.

It’s a free Let’s Encrypt form my host for the main blog. Would I have access to the SAN?

Hello,

I just whipped up a new server on DigitalOcean, installed WHM/cPanel, configured a new domain… and I was able to get wildcard SSL working very easily using cPanel’s LetsEncrypt plugin.

All I did was use cPanel’s sub-domain manager to create the wildcard subdomain: cPanel’s LetsEncrypt plugin automatically requested the wildcard cert and configured the Apache webserver.

NB: When creating the wildcard sub-domain, be sure to set public_html as the DocumentRoot… else cPanel will create a new directory _wildcard_ for the wildcard subdomains. When this happens, the wildcard SSL will work for any sub-domain, but your Multisite sub-domains will be broken (because the sub-domains’ DocumentRoot will be different from your primary WordPress site’s DocumentRoot)

Please if you still need help with this, before I can provide any further assistance, you’ll need to provide your ACTUAL DOMAIN so I can run some tests. Else we’ll just be going back and forth ad infinitum!

Good luck!

Wildcard is a paid cert from my host. Their LetsEncrypt was supposed to work on sub domains they told me though but not for MS turned out because of the sub absence in the files so it has to be done via admin they say. I’ll see if this LetsEncrypt gives a free wildcard.

So as long as my wildcard folder was underneath public, it should have added my MS subs?

Private bit.ly/3cgLH3D sub https://bit.ly/34MSa3U

Don’t I need the domain mapping field for this? https://www.ads-software.com/support/topic/why-dont-i-have-domain-mapping-in-settings/

• This reply was modified 4 years, 6 months ago by Stacy (non coder).
• This reply was modified 4 years, 6 months ago by Stacy (non coder).
• This reply was modified 4 years, 6 months ago by Stacy (non coder).

Hello,

Their LetsEncrypt was supposed to work on sub domains they told me though but not for MS turned out because of the sub absence in the files so it has to be done via admin they say.

This is 100% not true.

I say so because, if you actually read my post above, I DID THIS YESTERDAY… and I’ve read both the feature request which lead to the implementation of this very feature, as well as cPanel’s official documentation of this very specific feature.

There’s nothing special about WordPress Multisite in this respect, other than the fact that the sub-domains are “virtual” or “wildcard” (ie *.example.com). At the top of the feature request linked above, cPanel’s staff officially promised that:

Good news!

cPanel’s Let’s Encrypt plugin WILL secure wildcard subdomains in v84.

Note “wildcard sub-domains” in that statement (which is what Multisite subdomains are). This message was posted 2 years ago. cPanel v84, which has actually reached its end-of-life now, was released with this feature, and all subsequent cPanel versions (including the latest) have support for unlimited free wildcard LetsEncrypt SSL for wildcard (aka virtual) sub-domains.

cPanel even has an official documentation on the feature. Here’s a quote from that documentation:

This plugin [the LetsEncrypt SSL plugin] does not currently secure non-wildcard domains via wildcard certificate. For example, it cannot secure the foo.example.com and bar.example.com subdomains with a *.example.com wildcard.

Just read that again: cPanel’s LetEncrypt support for wildcard SSL ONLY works for virtual / wildcard / Multsite-type subdomains that have what you’re calling “absence in the files”. It does NOT even work for statically-created sub-domains that have “files”.

So what you and your host are claiming is exactly the OPPOSITE of what cPanel supports ??

So as long as my wildcard folder was underneath public , it should have added my MS subs?

It should.

Unless your host, like many hosts, has disabled some feature so they can upsell their expensive SSL certificates ??

Again, if you can give your domain name, I can run some tests for you. Everything else I say is pure conjecture, as hosts have the ability to disable/enable cPanel features, and I don’t even know if you’re indeed using the LetsEncrypt’s plugin and your certificates are issued by LetsEncrypt, as the default cPanel SSL plugin (certs issued y Sectigo, not LetsEncrupt) doesn’t support wildcards AT ALL.

PS: Who am I? I used to run a small WHM/cPanel-based hosting business, and I currently manage a number of servers for clients, some of which use WHM/cPanel (WHM is the server administrator’s console, while cPanel is the clients’ console). So I want to believe that I know this platform VERY WELL, and as I mentioned in my post yesterday, I did exactly what you and your host are claiming to be impossible.

Good luck!

Private bit.ly/3cgLH3D sub https://bit.ly/34MSa3U

Saw your edit only after I posted my message above.

OK, I’ve checked your domain in that link, and your host happens to be one of those hosts that specifically don’t allow LetsEncrypt wildcard domains (I know from previous client work and dealing with lots of such cases in this very forum).

So if you need SSL for your multisite, your only choices are either to pay their tax, or find a new host ??

Good luck!

Just now, they added a sub’s name to be covered somehow and added it as a subdomain cpanel, but the site is showing index only and the rest of the sub-sites are lost showing 404s. The tech deleted the wilcard domain in cpanel subdomains for some reason.

Does the email on your site go directly to you?

• This reply was modified 4 years, 6 months ago by Stacy (non coder).

Should my multisite wp.config code have the wilcard url btw? Making mysite.com *.mysite.com

define(‘MULTISITE’, true);
define(‘SUBDOMAIN_INSTALL’, true);
define(‘DOMAIN_CURRENT_SITE’, ‘mysite.com’);
define(‘PATH_CURRENT_SITE’, ‘/’);
define(‘SITE_ID_CURRENT_SITE’, 1);
define(‘BLOG_ID_CURRENT_SITE’, 1);
define( ‘WPPA_MULTISITE_INDIVIDUAL’, true );
define(‘WP_MEMORY_LIMIT’, ‘264M’);
/* That’s all, stop editing! Happy blogging. */