SSL for mapped subdomains in multisite (no plugins)

admin管理员组

文章数量:1122846

WP multisite network based on subdomains, and domain mapping to my customer domain names without a plugin (I'm on WP 4.6.x).

SSL cert for the server, so the base network domain does come up with green padlock -- but I do not cover my customer's domains - they currently get forced to http.

I need to have all my customer's domains come up with https, green padlock -- without having to install a separate SSL cert for each domain. What is the best way to approach this?

WP multisite network based on subdomains, and domain mapping to my customer domain names without a plugin (I'm on WP 4.6.x).

SSL cert for the server, so the base network domain does come up with green padlock -- but I do not cover my customer's domains - they currently get forced to http.

I need to have all my customer's domains come up with https, green padlock -- without having to install a separate SSL cert for each domain. What is the best way to approach this?

• multisite
• ssl

Share Improve this question asked Jun 21, 2018 at 1:10 C CC C 1,9581818 silver badges3131 bronze badges 4

• Sorry, just to be clear, are all your customers on subdomains of your domain? Or use their own domains? – Jacob Peattie Commented Jun 21, 2018 at 1:59
• All customers are in subdomains from the main domain, and yes they also use their own domain name which is mapped by WP to the underlying subdomain. – C C Commented Jun 21, 2018 at 2:07
• 3 You should get a 'wildcard certificate' for the domain then. It can be used for all subdomains on a domain. – Jacob Peattie Commented Jun 21, 2018 at 2:23
• I have a wildcard cert; I think there is additional complexity due to the mapped domain names. I'm looking into SNI now under Apache... – C C Commented Jun 21, 2018 at 12:03

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 0

Okay, here is the solution I landed on. This will vary based on the type of server you are on and how much you can do within your hosting account (or your hosting provider is willing to do for you).

I'm running Apache and in a WHM / cPanel hosting environment with a dedicated IP address and root access. The basic idea here should work for other environments but as usual YMMV...

SNI has to be in place and running, under Apache.

Each domain will need to be covered by an SSL certificate - the wildcard certificate for the base network will only cover subdomains and will not cover mapped domains.

I added my client's domain name(s) as an "add-on domain" within the account for the base WP network domain, in cPanel. Note that this required enabling the setting "Allow Creation of Parked/Addon Domains that are not registered" within WHM. Otherwise cPanel will complain: the domain is already pointed to an IP address that does not appear to use DNS servers associated with this server.

I also made sure autoSSL was enabled in WHM for the account that owns the WP base network domain. This causes autoSSL to trigger the installation of an SSL certificate for any add-on domains. autoSSL seems to be based on LetsEncrypt, so if you can't use cPanel autoSSL then you can probably just use LetsEncrypt instead.

I already had a purchased SSL wildcard certificate for the base network domain, but the nice thing is that autoSSL respects that certificate and will not attempt to replace it.

Finally, I made sure the mapped domain in WP admin (network->sites->edit site) had a siteURL setting that started with https:// -- and of course made sure all content is being served via https so no mixed-content warnings in the browser. In my case I had to drop into phpMyAdmin and update the options table for the site directly. I have to investigate why the admin page didn't "stick" when I made the change there.

So now my client's site(s) are covered by an auto-renewing free SSL, and come up in the browser across all pages with the green padlock.

本文标签： SSL for mapped subdomains in multisite (no plugins)