Hi folks, I have installed a CentOS 7 server with a WordPress multi-site (PHP 7.3, MySQL & Apache). I point the domain to the server and all works just fine. The problem comes when installing SSL certificates. I have taken a snapshot because the first time I did it, Apache crashed and I could not make it work, therefore I've rebuilt the server. And I now have a snapshot in case something goes wrong. I have followed some tutorials but they are not effective; as soon as I save the changes and restart Apache, the current WordPress site goes offline. For some reason, my provider is giving me domainname.com_ssl_certificate.cer and _.domainname.com_private_key.key and _.domainname.com_ssl_certificate_INTERMEDIATE.cer. Any ideas on this scenario to install all SSL certificates for each domain on this CentOS 7 server multi-site? Thank you!
Hi Ahrasis, I think that is not the proper way because when you have a WordPress multi-site, WP itself manages the network sites and uses .htaccess for domain mapping. I've tried installing the SSL certificate but as soon as the configuration is ready, WP network stops working.
You need one SSL cert which contains all domains; you can include up to a hundred domains in one Let's Encrypt SSL certificate. As Ahrasis mentioned, using ISPConfig is an easy way, as ISPConfig does all this automatically when you add a domain to a website. But you can do that manually as well: just create a cert with certbot which includes all domains and subdomains that your WP multi-site uses.
The part that I'm missing is how to configure the certificate itself, I've followed instructions but then it asked me to change apache site location /var/www/domain/html and add a .conf file for each domain domain.conf. Doing the ISPConfig will not mess up the WordPress network?
You have to add all domains as alias domains inside of one vhost for wordpress multisite and then add all domains to one LE cert and configure that in this vhost. ISPConfig requires an empty server to install it, then you create a website in ISPConfig and then you install wordpress inside that website, so that's a choice for your next server or when you plan to host multiple sites.
1. Backup before you proceed.
2. I think there is a limit for domains per LE SSL cert, which is 100.
3. A single wildcard LE SSL cert, for example *.domain.tld, is not yet available in ISPConfig as it requires a DNS challenge to be issued, which is not supported yet.
4. Best bet for WPMU with LE SSL in ISPConfig, if more than 100 sites without wildcard, will be to use an individual vhost for each or use directories instead of subdomains.
I'm going to take a snapshot and give a shot to this: https://www.howtoforge.com/getting-started-with-acmesh-lets-encrypt-client/ I've found others but they are with Nginx: https://www.howtoforge.com/how-to-install-wondercms-on-centos-7/ But the part missing is setting up the vhosts. I've also found this one: https://www.tecmint.com/install-wordpress-with-ssl-w3-total-cache-cloudflare-cdn-on-centos/ but unfortunately my cloud server provider doesn't support Cloudflare for cloud servers. Any extra advice is highly appreciated. Thanks.
If you implement your WPMU using ISPConfig, feel free to ask at the ISPConfig 3 category boards. Others may have a few tricks up their sleeve.
Hi Folks, I got some updates: I was able to install Let's Encrypt and the main site works just fine. My current problem now is that the WordPress network is not finding the mapped sites. The current error shows the location, which is a non-existing folder, DocumentRoot "/var/www/getyourselfontime.com", but with the multisite there is no need for additional folders. Code:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/getyourselfontime.com"
    ServerName getyourselfontime.com
    ServerAlias www.getyourselfontime.com
    ErrorLog "/var/log/httpd/getyourselfontime.error_log"
    CustomLog "/var/log/httpd/getyourselfontime.access_log" common
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.getyourselfontime.com [OR]
    RewriteCond %{SERVER_NAME} =getyourselfontime.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

How should the .conf or vhost file look to accept WPMU mapping and configuration from the .htaccess?
If you are using ISPConfig, simply enable aliasdomain vhost in your ISPConfig config and create aliasdomain website with vhost for each domain you added to your main WPMU as ISPConfig will then handle both vhost and letsencrypt for all of your added domains.
Add all additional domains as aliases in the vhost. WP takes care of the mapping itself then. And I would remove the rewrite lines. As @ahrasis mentioned, if you had used ISPConfig it would have been much easier.
Example:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/getyourselfontime.com"
    ServerName getyourselfontime.com
    ServerAlias www.getyourselfontime.com seconddomain.tld www.seconddomain.tld thirddomain.tld www.thirddomain.tld
    ErrorLog "/var/log/httpd/getyourselfontime.error_log"
    CustomLog "/var/log/httpd/getyourselfontime.access_log" common
</VirtualHost>
Hi Till, I have followed your indications but still get the same results. Here is the content of both vhost files. This is the main domain, aitcloudns.com.conf. Code:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/aitcloudns.com"
    ServerName aitcloudns.com
    ServerAlias www.aitcloudns.com aitcloudns.com www.getyourselfontime.com getyourselfontime.com
    ErrorLog "/var/log/httpd/aitcloudns.error_log"
    CustomLog "/var/log/httpd/aitcloudns.access_log" common
</VirtualHost>

This is the secondary domain, getyourselfontime.com.conf. Code:

<VirtualHost *:80>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/aitcloudns.com"
    ServerName getyourselfontime.com
    ServerAlias www.getyourselfontime.com getyourselfontime.com
    ErrorLog "/var/log/httpd/getyourselfontime.error_log"
    CustomLog "/var/log/httpd/getyourselfontime.access_log" common
</VirtualHost>

I have removed the rewrite lines as suggested and restarted httpd, but it seems there is no change! Thanks
Hi Till, it seems to be working; the only issue now is that when I go to access each site, SSL is not set. When I access the dashboard it displays SSL issues, but when I log off it shows something different: https://aitcloudns.com/wp-signup.php?new=getyourselfontime.com. It seems like it is not mapping correctly. This is the content of getyourselfontime.com-le-ssl.conf. Code:

<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerAdmin [email protected]
    DocumentRoot "/var/www/getyourselfontime.com"
    ServerName getyourselfontime.com
    ServerAlias www.getyourselfontime.com
    ErrorLog "/var/log/httpd/getyourselfontime.error_log"
    CustomLog "/var/log/httpd/getyourselfontime.access_log" common
    RewriteEngine on
    # Some rewrite rules in this file were disabled on your HTTPS site,
    # because they have the potential to create redirection loops.
    # RewriteCond %{SERVER_NAME} =www.getyourselfontime.com [OR]
    # RewriteCond %{SERVER_NAME} =getyourselfontime.com
    # RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
    SSLCertificateFile /etc/letsencrypt/live/crmamigo.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/crmamigo.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateChainFile /etc/letsencrypt/live/crmamigo.com/chain.pem
</VirtualHost>
</IfModule>
In my experience, you cannot run secured wp multiple sites with a single vhost if you want them each to use their own individual letsencrypt ssl certs. That was why I said: The only way you can use single vhost is by using wildcard ssl for the sub domains where the top domain for all wp multi sites are the same. Of course if the wp multi sites are simply using directories instead of domain, single vhost could also work.
Please reread what I mentioned in post #6. You must create a single LE cert which contains all domains and subdomains that you want to use. And you missed recreating the -le Apache conf file, as it still contains the old config, which indicates that you missed recreating the LE cert for all domains.
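
Added example, not part of the original thread or any poster's code: a small Python check for the mismatch discussed above, where an HTTPS vhost serves names that its certificate does not list. It compares the ServerName/ServerAlias entries of a vhost file with the DNS entries in the Subject Alternative Name lines printed by `openssl x509 -noout -text`; the sample inputs and the function names are constructed for illustration.

```python
import re

# Constructed sample: an HTTPS vhost shaped like the one posted in the thread.
SAMPLE_VHOST = """\
<VirtualHost *:443>
    ServerName getyourselfontime.com
    ServerAlias www.getyourselfontime.com
    # ServerAlias disabled.example
    SSLCertificateFile /etc/letsencrypt/live/crmamigo.com/cert.pem
</VirtualHost>
"""

# Constructed sample of the SAN lines printed by `openssl x509 -noout -text`.
SAMPLE_SAN = """\
X509v3 Subject Alternative Name:
    DNS:crmamigo.com, DNS:www.crmamigo.com
"""

def vhost_names(conf_text):
    """Hosts named by ServerName/ServerAlias; commented-out lines are skipped."""
    names = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*(?:ServerName|ServerAlias)\s+(.+)", line, re.I)
        if not m:
            continue
        for host in m.group(1).split():
            if host.lower() not in names:
                names.append(host.lower())
    return names

def san_names(openssl_text):
    """DNS entries from the certificate's Subject Alternative Name text."""
    return [n.lower() for n in re.findall(r"DNS:([^,\s]+)", openssl_text)]

def covered(host, san):
    """True if one SAN entry is valid for host; '*.' matches one label only."""
    if san.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == san[2:]
    return host == san

def uncovered(conf_text, openssl_text):
    """Vhost names that no SAN entry covers (browsers reject these over HTTPS)."""
    sans = san_names(openssl_text)
    return [h for h in vhost_names(conf_text)
            if not any(covered(h, s) for s in sans)]

if __name__ == "__main__":
    print("names missing from certificate:", uncovered(SAMPLE_VHOST, SAMPLE_SAN))
```

An empty result means every name the vhost answers for is in the certificate; any name listed needs to be added when the certificate is reissued.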