Page 1 of 1

Need help Installing SSL on mapped domain with Wordpress multisite

Posted: Tue Feb 26, 2019 5:47 am
by mlaungani
Hi Guys,

In order to explain the issue we are facing, I'm going to post an excerpt first, and then the entire issue at length. Please free to comment or advise.

Short version: : Need help setting up SSL for a domain mapped a WordPress Multisite.

Long versions
First, here is what our setup looks like, let me know if you need any more details about it and I'll add those as well.

Code: Select all

 WordPress 5.1
    PHP 7.0.33
    Vesta CP
    php+ngninx
    WPUltimo
    Divi theme
    wildcard SSL from Comodo
    really simple SSL
    WPTimeCapsule
    + other non-essentials
Let's use the below to understand our situation and problem.
Main Domain : example.com (IP address : 123.123.123.123)
Map domain : site1.com

Domain mapping with Vesta CP
Going thru all the threads on this forum and Google, here is what I have understood on how to integrate Domain Mapping.

Step 1: Point the domain towards the main site
- At the domain registrars, the NS needs to be set to default NS, and 2 DNS records are to be created as below.

A Record : Value :*blank* | Type : A | Target : 123.123.123.1230v2
C Name Record : Value : wwww | Type : C Name | Target : example.come

Step 2: Required changes at the main sites hosting end
- Create alias within the domain example.com: add: "site1.com" as an alias

Step 3: Log into the user account of which the domain needs to be mapped with and initiate domain mapping.

this concludes all the steps that we need to be done, in order to set up domain mapping manually. What do you guys think about it? Are these steps correct, or do we need to change the process?

The main issue > SSL certificate for a mapped domain
As mentioned above, We had just been able to understand how to map a domain manually, and began testing by creating user accounts to check the functioning, redirections etc. One thing we noticed is that the SSL doesn’t work with the mapped domain but it does work for the same site when opened as a subdomain.

For example, assuming that site1.com and site1.expample.com are one and same site, after the domain mapping is done. site1.com will load without HTTP and site1.example.com will load with https and a green lock.

Now, A similar mail was sent to Arindo, who is the lead developer of WP Ultimo plugin ( Around which the entire site is being built ), and he has been kind enough to respond to us and help us with whatever he could from his end, but it seems the issue falls within VestaCP where he couldn't help much. So, here I am seeking some guidance from you guys.

Here is what he replied with.
This is where my ability to help you get limited because of my lack of experience with VestaCP. CPanel, for example, have something called Add-on domains. When you add an add-on domain, cPanel recognizes that domain as part of the setup, but you don't need to move the entire DNS setup of that domain to cPanel. After a domain is added as an add-on, cPanel automatically fetches the certificate or you can fetch manually using their Let's Encrypt integration.

Doesn't VestCP has something like this? A way to attach a domain to the setup without necessarily having to move the entire domain DNS setup to Vesta?

If not, I'm afraid Vesta is not ideal for domain mapping with WordPress and this might actually mean that in the end, we won't even be able to add support to VestaCP at all.
So, basically...What I need to ask you guys is, is there a way to "ADDON" a domain in VESTACP?

And / OR, Is it possible to install an SSL certificate for a Mapped domain?

Regards
Manish

Re: Need help Installing SSL on mapped domain with Wordpress multisite

Posted: Thu Feb 28, 2019 5:32 am
by mlaungani
Hi guys!

Just bumping up the post, if in case relevant people have missed it. Also because resolving this is quite critical for us.

Thanks in Advance.
Manish.

Re: Need help Installing SSL on mapped domain with Wordpress multisite

Posted: Thu Feb 28, 2019 8:46 pm
by alexcy
Hello,

First of all are you trying to setup a “normal” SSL or a Letsencrypt one?

Re: Need help Installing SSL on mapped domain with Wordpress multisite

Posted: Fri Mar 01, 2019 4:19 am
by mlaungani
We would very much like to use lets encrypt.

Re: Need help Installing SSL on mapped domain with Wordpress multisite

Posted: Fri Mar 01, 2019 4:50 am
by mlaungani
Also, What do you mean when you say "normal"?

Is Let's encrypt not "normal"?

Re: Need help Installing SSL on mapped domain with Wordpress multisite

Posted: Fri Mar 01, 2019 6:12 am
by LiberlandMiner
alexcy wrote:
Thu Feb 28, 2019 8:46 pm
Hello,

First of all are you trying to setup a “normal” SSL or a Letsencrypt one?
The idea is that the sites running on a subdomain should use https://cheapsslsecurity.com/comodo/pos ... dcard.html. This part is set up and working - however, we can't get this certificate to cover the mapped domains. For this, as we understand on the WPUltimo documentation we need to use Let's Encrypt - just can't get it working as the sites are mapped and not actually set up individually in Vesta.

Re: Need help Installing SSL on mapped domain with Wordpress multisite

Posted: Fri Mar 01, 2019 9:48 am
by plutocrat
I have set up WP multisite on VestaCP previously, with Letsencrypt SSL and it works OK. This is how I remember it.
  • Set up main domain in VestaCP and point the DNS to your server. Get a Letsencrypt SSL cert for that domain (and www if you like)
  • Add another domain as an alias. Point the DNS to your VestaCP server for that domain. Re-issue the Letsencrypt SSL cert.
  • Repeat for each domain.
As long as the DNS is pointing to your server for ALL the aliased domains, and the Letsencrypt validation can happen, you can issue certs up to the Letsencrypt limit. If it doesn't work, you'll get an error message, the SSL cert won't be issued, and you'll have to look at the logs to find out what went wrong.

Re: Need help Installing SSL on mapped domain with Wordpress multisite

Posted: Fri Mar 01, 2019 10:14 am
by alexcy
VestaCP still uses an outdated version of LetsEncrypt API that has been discontinued. Thus, until a new version is released LetsEncrypt does not work.