If you aren't going to use a plugin to manage domain mapping for the individual websites in a WordPress Multisite network, you may run into some hang-ups. I primarily use certbot to manage SSL certificates from Let's Encrypt, but unfortunately certbot doesn't seem to play nice with WordPress Multisite's domain mapping. To make this easier, here is a simple guide if you're doing it the hard way.
With certbot, the command you use depends greatly on whether you want to create a wildcard certificate or a certificate that doesn't include a wildcard domain.
I am also using Digital Ocean as my DNS and hosting service, so some aspects of this guide are specific to that combination, but you can easily find the equivalent commands for other services in the certbot instructions.
First things first: go to the company where you bought the domain and point it at Digital Ocean's nameservers.
Then set up an A record for the domain name that you want and point it at your WordPress server. Do this before generating the SSL certificate with certbot.
SSH into your server.
The certbot command you'll likely be using for a standard SSL certificate is:
certbot -i apache -d example.com,www.example.com
For a wildcard SSL certificate the process is a bit more complicated, as you have to provide some specific information about your DNS provider as well as an API token in an ini file (certbot's instructions will tell you how to do this when followed closely), but the command looks like this for Digital Ocean:
certbot --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini -i apache -d example.com -d '*.example.com'
Unfortunately, using this command may very well break your site. The solution? Unless you are using a plugin to manage domain mapping, you'll have to edit the Apache vhost files. You can find these at /etc/apache2/sites-enabled/000-default.conf and /etc/apache2/sites-enabled/000-default-le-ssl.conf.
You will have to edit your respective vhost files to look like the following:
NOTES:
- This uses a wildcard SSL for the example.com domain and a standard SSL for the domain2.com domain.
- Using the certonly option will prevent certbot from editing your configuration files.
For 000-default.conf:
# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.example.com [OR]
    RewriteCond %{SERVER_NAME} =example.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    ServerName domain2.com
    ServerAlias www.domain2.com
    DocumentRoot /var/www/html
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.domain2.com [OR]
    RewriteCond %{SERVER_NAME} =domain2.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
For 000-default-le-ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName example.com
    ServerAlias www.example.com
    DocumentRoot /var/www/html
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName domain2.com
    ServerAlias www.domain2.com
    DocumentRoot /var/www/html
    <Directory /var/www/html/>
        Options FollowSymLinks
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/domain2.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/domain2.com/privkey.pem
</VirtualHost>
</IfModule>
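When the vhost files are edited by hand like this, it is easy to leave a mapped domain on a certificate that does not list it. The following check is an added example, not part of the original guide: it parses vhost text and reports every ServerName or ServerAlias that its SSLCertificateFile does not cover. The SAN lists are assumed from the guide's notes, and shop.domain2.com is a constructed alias included to show a failure.

```python
import re

# Constructed sample: the guide's two *:443 vhosts, trimmed, plus a deliberately uncovered alias.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName domain2.com
    ServerAlias www.domain2.com shop.domain2.com
    SSLCertificateFile /etc/letsencrypt/live/domain2.com/fullchain.pem
</VirtualHost>
"""

# Assumed SAN lists: wildcard cert for example.com, standard cert for domain2.com (per the notes).
CERT_SANS = {
    "/etc/letsencrypt/live/example.com/fullchain.pem": ["example.com", "*.example.com"],
    "/etc/letsencrypt/live/domain2.com/fullchain.pem": ["domain2.com", "www.domain2.com"],
}

def san_covers(san, host):
    """A wildcard SAN matches exactly one left-most label, never the bare domain."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if san.startswith("*."):
        label, _, parent = host.partition(".")
        return bool(label) and parent == san[2:]
    return san == host

def parse_vhosts(conf):
    """Yield (hostnames, certificate path) for each <VirtualHost> block."""
    for block in re.findall(r"<VirtualHost[^>]*>(.*?)</VirtualHost>", conf, re.S | re.I):
        names = []
        for m in re.finditer(r"^\s*Server(?:Name|Alias)\s+(.+)$", block, re.M | re.I):
            names.extend(m.group(1).split())
        cert = re.search(r"^\s*SSLCertificateFile\s+(\S+)", block, re.M | re.I)
        yield names, (cert.group(1) if cert else None)

def uncovered_names(conf, cert_sans):
    """Return (hostname, cert path) pairs whose vhost certificate lacks a matching SAN."""
    return [(host, cert)
            for names, cert in parse_vhosts(conf)
            for host in names
            if not any(san_covers(s, host) for s in cert_sans.get(cert, []))]

if __name__ == "__main__":
    for host, cert in uncovered_names(SAMPLE_CONF, CERT_SANS):
        print(f"{host}: not covered by {cert}")
```

On a real server, the domains each certificate actually covers can be listed with `certbot certificates` and used in place of the assumed SAN lists.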
P.S. Should you crash your Apache install, run this:
sudo service apache2 restart
Additional resources:
- https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-certificates-for-multiple-apache-virtual-hosts-on-ubuntu-14-04
- https://www.thegeekstuff.com/2011/07/apache-virtual-host/
- https://certbot.eff.org/docs/using.html#certbot-commands
- https://www.hostreview.com/blog/200604-the-ultimate-wordpress-multisite-domain-mapping-guide
- https://www.cyberciti.biz/faq/star-stop-restart-apache2-webserver/
- https://premium.wpmudev.org/blog/domain-mapping-wordpress-multisite/