Question

How to setup Virtualhosts properly for Wordpress Multisite from One Click Wordpress setup with Letsencrypt

Posted November 16, 2017 10.6k views

Wordpress multisite runs great on Digital Ocean’s One Click Wordpress install setup.
However problems happen when trying to add Letsencrypt to the installation for each domain the multisite uses. The typical multisite setup uses subdirectories for each subsite. This is done by wordpress and works fine with stock virtual host settings created by the One Click install from Digital Ocean.
However, certbot doesn’t like this and expects a virtualhost to be declared/setup in apache for each domain in your Wordpress Multisite site list.
After googling, all examples I see don’t use the same language/code examples in the sites-available as Digital Ocean’s one click setup uses. Here’s what Digital Ocean creates with the setup:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =YourDomainNameHere.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

The

RewriteCond %{SERVER_NAME} =YourDomainNameHere.com

is confusing as tutorials on virtualhosts in Ubuntu 16.04 don’t cover this code line.

So… for this situation… which is not currently covered in the Letsencrypt or Wordpress tutorials on Digital Ocean… what is the proper way to add in the domains in apache ALL for the same installation folder ( /var/www/html ) so that Letsencrypt Certbot will install additional domain certificates properly?

Help would be most appreciated. Thank you.

P.S.
Expanding a single certificate is also not recommended for unrelated domains from what I’ve gathered in tutorials.

3 answers

Answer given at the letsencrypt support forums
https://community.letsencrypt.org/t/setting-up-letsencrypt-for-a-single-wordpress-multisite-installation-with-many-domains/46511

Basically, each domain needs its OWN .conf file as well as each file having the ServerName declared. Then after system linking into sites-enabled and an apache2 restart, certbot will install the additional certificates properly. See the thread at letsencrypt for more details.

  • I tried to follow what you were suggesting but am too novice to figure it out!!

    I would like to set up WordPress multi site to set up a handful of different sites on one digital ocean droplet… each with their own domain, and letsencrypt certificate.

    Would you be willing to write out a tutorial article on how to set this up on DigitalOcean, and also the command-line codes needed to be entered via SSH? 🙏

    • I need help with this exact same request! I can pay a Developer to assist me with enabling SSL certs via certbot via letsencrypt.org for a multi-site virtualhost Wordpress environment on a Digitalocean ubuntu droplet, please!

Hi there,

I just came across this question.

Indeed, what I would usually do in such a case is to create separate virtual hosts for each website.

So let’s have the following scenario as an example:

  • A single WordPress multisite installation at /var/www/html
  • 2 different domain names pointing to the same server: eg example1.com and example2.com.

So rather than using only the default catch-all Apache virtual host (Vhost for short), you could create 3 separate virtual hosts for each domain name:

  • Vhost for example1.com:
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ServerName example1.com
        ServerAlias www.example1.com

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
  • Vhost for example2.com:
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ServerName example2.com
        ServerAlias www.example2.com

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

That way you could issue separate SSL certificates for each domain name, and also set up HTTP to HTTPS redirects without the domain names affecting each other.

Note how both Vhosts have the same DocumentRoot set to /var/www/html so that they could both be pointing to the same WordPress multisite installation.

For more information on Apache virtual hosts, make sure to check out this tutorial here:

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-18-04

Once you have the two separate virtual hosts you can issue Let’s Encrypt certificates using certbot as normal. You can follow the steps from this tutorial here on how to do that:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

In case that you have more domain names, just follow the same procedure by adding separate Vhosts for each domain name.

Regards,
Bobby
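
The per-domain layout from the answer above as a script, added here as an example and not written by anyone in the thread: it generates one port-80 vhost file per domain and prints the enable and certbot commands to run next. The function names and the temporary output directory are assumptions; the generated files belong in /etc/apache2/sites-available before the printed commands are run.

```shell
#!/bin/sh
# Added example (not from the thread): write one port-80 vhost per domain,
# all sharing the multisite DocumentRoot, so certbot can match each name.

DOCROOT=/var/www/html            # multisite install path used in the thread

# write_vhost DOMAIN OUTDIR -> creates OUTDIR/DOMAIN.conf and prints its path
write_vhost() {
    domain=$1; outdir=$2
    # Refuse anything that is not a plain hostname (no spaces, slashes, quotes).
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*) echo "bad domain: $domain" >&2; return 1 ;;
    esac
    conf="$outdir/$domain.conf"
    cat > "$conf" <<EOF
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot $DOCROOT

        ServerName $domain
        ServerAlias www.$domain

        <Directory $DOCROOT/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog \${APACHE_LOG_DIR}/error.log
        CustomLog \${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF
    echo "$conf"
}

# next_steps DOMAIN -> prints the commands to run as root afterwards
# (printed, not executed, so the script runs on any machine).
next_steps() {
    printf 'a2ensite %s.conf\n' "$1"
    printf 'apache2ctl configtest && systemctl reload apache2\n'
    printf 'certbot --apache -d %s -d www.%s\n' "$1" "$1"
}

# Demo with the two placeholder domains from the answer above.
demo_dir=$(mktemp -d)
for d in example1.com example2.com; do
    write_vhost "$d" "$demo_dir" && next_steps "$d"
done
```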

  • Thanks for this, Bobby! I set up the separate .conf files for my multisites, and then certbot was successful at creating the ssl .conf files for port 443 SSL https access. That’s all working great, but I have some website names that auto-redirect http to the https secure sites, which redirect fine, but then the browser URL says “not secure”. Any tips on fixing this so the URL always shows “secure”? I tried on Chrome, Firefox, and Edge, and get the same results. Thanks!

  • Hey Bobby

    It’s the same I was doing.
    I got to this, joining various tutorials and threads… (I should have come here before)....

    I have a question.
    Any Digital Ocean / Droplet “Networking” advice?

    I have a www and @ A record for my example2.com pointing to the droplet.
    For https it works really well, but there are some ways to get to my site where, even though I have ssl redirects, it doesn’t redirect and shows the example1.com site.

    http://www.semanasanta.cl/ (this is my example2.com domain that goes to example1.com)

    And this is where it should go....

    http://www.semanasanta.cl/

    Thanks

    Miguel

    • Hi there,

      Your setup looks good actually. One thing that I would change is to set a CNAME record for the www version to point to your domain name.

      Regarding the redirect, is the example2.com website hosted on your Droplet too?

      Feel free to share your Apache virtual host here so I could try to advise you further.

      Regards,
      Bobby

      • First of all, thanks Bobby for your interest.

        I made a mistake
        The http://www.semanasanta.cl/ url, should see (or go) like https://www.semanasanta.cl/ (I missed the https).

        This is what I have at Digital Ocean:

        DNS records

        Type  Hostname             Value                              TTL (seconds)
        A     semanasanta.cl       directs to 209.97.152.101          3600
        A     www.semanasanta.cl   directs to 209.97.152.101          3600
        NS    semanasanta.cl       directs to ns1.digitalocean.com.   1800
        NS    semanasanta.cl       directs to ns2.digitalocean.com.   1800
        NS    semanasanta.cl       directs to ns3.digitalocean.com.   1800

        Thanks again.

        Miguel

        • Hi there,

          The DNS looks correct. But it looks like there is a redirect that redirects your website to another domain name.

          I would recommend checking your Apache virtual host and your .htaccess file to make sure that there are no redirects and if so adjusting them accordingly.

          Feel free to share them here.
          Regards,
          Bobby

          • Sorry for the delay Bobby
            This is what I have at
            sudo nano /etc/apache2/sites-available/semanasanta.cl.conf

            Remember that I’m sending the domain to the same Directory of the main site, because I want to use a WP Multisite system

            https works fine
            http redirects to primary url

            # Added to mitigate CVE-2017-8295 vulnerability
            UseCanonicalName On
            
            <VirtualHost *:80>
                    ServerAdmin miguel@xxxxxxxx.cl
                    DocumentRoot /var/www/html
            
                    ServerName semanasanta.cl
                    ServerAlias www.semanasanta.cl
            
                    <Directory /var/www/html/>
                        Options FollowSymLinks
                        AllowOverride All
                        Require all granted
                    </Directory>
            
                    ErrorLog ${APACHE_LOG_DIR}/error.log
                    CustomLog ${APACHE_LOG_DIR}/access.log combined
                    RewriteEngine on
                    RewriteCond %{SERVER_NAME} =semanasanta.cl [OR]
                    RewriteCond %{SERVER_NAME} =www.semanasanta.cl
                    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
            </VirtualHost>
            

            Thanks for your super help.

            Miguel

            edited by bobbyiliev
          • Hi there @mileight,

            This Apache Vhost for port 80 looks good. Can you also share the Vhost for port 443?

            Also are there any redirect rules in your .htaccess file?

            Regards,
            Bobby

          • Hi Bobby

            Here is my other .conf

            <IfModule mod_ssl.c>
            <VirtualHost *:443>
                ServerAdmin miguel@xxxxx.cl

                ServerName semanasanta.cl
                ServerAlias www.semanasanta.cl

                DocumentRoot /var/www/html

                <Directory /var/www/html/>
                    Options FollowSymLinks
                    AllowOverride All
                    Require all granted
                </Directory>

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                Include /etc/letsencrypt/options-ssl-apache.conf
                SSLCertificateFile /etc/letsencrypt/live/semanasanta.cl/fullchain.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/semanasanta.cl/privkey.pem
            </VirtualHost>
            </IfModule>

            And it didn’t give any errors in the logs :(

          • Hi there,

            Thanks for sharing the additional details!

            What I could suggest is checking the site and the home URLs in the wp_options table for the second site. And make sure that they match the exact domain name that you want to use.

            Regards,
            Bobby

          • Hi Bobby

            This is what I have in wp_options
            https://imgur.com/a/nYh2bjk

            And this is what I have in the config file.

            /* Multisite */
            define('MULTISITE', true);
            define('SUBDOMAIN_INSTALL', false);
            $base = '/';
            define('DOMAIN_CURRENT_SITE', 'blackfriday.cl');
            define('PATH_CURRENT_SITE', '/');
            define('SITE_ID_CURRENT_SITE', 1);
            define('BLOG_ID_CURRENT_SITE', 1);

            /* That’s all, stop editing! Happy publishing. */

            Remember it’s a MultiSite (or that’s what I’m trying) :)

            Thanks

            Miguel

          • Hey @mileight,

            I see what’s causing the problem! The Site and the Home URLs are set to the https://www version of your domain, and that works as expected.

            However the http:// is redirected by default to the main site.

            What you could do is add this redirect rule to your .htaccess file so that it automatically redirects all of the HTTP traffic to HTTPS before it reaches the WordPress logic:

            RewriteEngine On
            RewriteCond %{HTTPS} !=on
            RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
            

            This will affect all websites and they will all be redirected to HTTPS.

            Let me know how it goes!
            Regards,
            Bobby

          • Hi Bobby

            You are really awesome and patient. Thank you very much for all your help.
            Unfortunately, I haven’t been able to make it work.

            This is my .htaccess file now:
            RewriteEngine On

            # added these 2 per Bobby
            RewriteCond %{HTTPS} !=on
            RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
            RewriteBase /
            RewriteRule ^index\.php$ - [L]

            # uploaded files
            RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]

            # add a trailing slash to /wp-admin
            RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

            RewriteCond %{REQUEST_FILENAME} -f [OR]
            RewriteCond %{REQUEST_FILENAME} -d
            RewriteRule ^ - [L]
            RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
            RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
            RewriteRule . index.php [L]

            Don’t you think it could be something with cname or something like that?
            We have tried a lot of configurations, but we haven’t made any changes on that.

            You can try:

            And the only one that works correctly is:

            This is what I have at Digital Ocean

            DNS records

            Type  Hostname             Value                        TTL (seconds)
            A     semanasanta.cl       directs to 209.97.152.101    3600
            A     www.semanasanta.cl   directs to 209.97.152.101    3600

            Thanks again

            Miguel

          • Hi there,

            I believe that the problem is that the redirect goes like this:

            http://www.semanasanta.cl/ -> https://semanasanta.cl/ -> https://blackfriday.cl/

            So what I could suggest is to have all of the domains that are part of the multi website consistently set to either the www version or the non-www version.

            For example, you could set your site and home URLs to:

            https://blackfriday.cl/
            https://semanasanta.cl/

            Then after that, you could set up a redirect that redirects all HTTP requests to the non-www version of the sites with HTTPS.

            That way when the request hits the WordPress installation it will have the correct domain name matching the site and the home URLs in your database.

            This is also good for SEO as you would only have 1 version of the website indexed by Google.

            The final redirect rule should look something like this I believe:

            RewriteEngine On
            RewriteCond %{HTTPS} off [OR]
            RewriteCond %{HTTP_HOST} ^www\. [NC]
            RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
            RewriteRule ^ https://%1%{REQUEST_URI} [L,NE,R=301]
            
            Let me know how it goes!
            Regards,
            Bobby
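
One way to see a chain like the one described in the reply above, added as an example that is not part of the thread: the helper parses `curl -sIL` header output and flags any hop that leaves the requested site. The function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list each redirect hop found in
# `curl -sIL` header output and flag hops that land on a different site.

# redirect_hops START_URL   (header dump on stdin, one line per hop on stdout)
redirect_hops() {
    awk -v start="$1" '
        # Reduce a URL to its lower-cased host: no scheme, port, path or "www."
        function host(u) {
            u = tolower(u)
            sub(/^[a-z]+:\/\//, "", u); sub(/[\/:].*$/, "", u); sub(/^www\./, "", u)
            return u
        }
        BEGIN { want = host(start); prev = start }
        tolower($1) == "location:" {
            target = $2; sub(/\r$/, "", target)      # headers end in CRLF
            # A relative Location stays on the same host by definition.
            th = (target ~ /^\//) ? want : host(target)
            verdict = (th == want) ? "same-site" : "CROSS-SITE"
            printf "%s -> %s [%s]\n", prev, target, verdict
            prev = target
        }'
}

# cross_site_hops START_URL -> number of hops that left the requested site
cross_site_hops() {
    redirect_hops "$1" | grep -c 'CROSS-SITE' || true
}

# Constructed sample: the chain described in the reply above, written as
# response headers (status codes are assumed; the page does not give them).
sample_headers() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://semanasanta.cl/\r\n\r\n'
    printf 'HTTP/1.1 302 Found\r\nLocation: https://blackfriday.cl/\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\n\r\n'
}

# Offline demo; against a live site: curl -sIL "$url" | redirect_hops "$url"
sample_headers | redirect_hops 'http://www.semanasanta.cl/'
```

A hop marked CROSS-SITE on a multisite install means the request reached WordPress with a host name that does not match that site's stored site and home URLs.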
            
        • Hi Bobby

          This is my .htaccess

          RewriteEngine On
          RewriteBase /
          RewriteRule ^index\.php$ - [L]
          
          # uploaded files
          RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
          
          # add a trailing slash to /wp-admin
          RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
          
          RewriteCond %{REQUEST_FILENAME} -f [OR]
          RewriteCond %{REQUEST_FILENAME} -d
          RewriteRule ^ - [L]
          RewriteRule  ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
          RewriteRule  ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
          RewriteRule . index.php [L]
          

          How can I get the Vhost for port 443.
          Do you have the console code?

          This is what I have typed before:

          • sudo nano /etc/apache2/sites-available/semanasanta.cl.conf

          Thanks again

          Miguel

          edited by bobbyiliev
          • Hi there,

            The .htaccess looks good, there are no redirect rules that could be causing the problem.

            You can find the Vhost for port 443 again in the /etc/apache2/sites-enabled/ directory:

            sudo ls -l /etc/apache2/sites-enabled
            

            In there you should have one more .conf file for your semanasanta.cl domain. In most cases it should have something like ssl in the name of the file.

            One more thing that I could suggest is checking your server logs for some possible problems:

            • First visit the site, and then right after that check your logs: tail -100 /var/log/apache2/error.log

            Regards,
            Bobby