Question

How to setup Virtualhosts properly for Wordpress Multisite from One Click Wordpress setup with Letsencrypt

Posted November 16, 2017 8k views
Linux BasicsApacheWordPressLAMP StackDigitalOceanDigitalOcean ArticlesDigitalOcean 1-Click Apps MarketplaceLet's EncryptUbuntu 16.04Quickstart

Wordpress multisite runs great on Digital Ocean’s One Click Wordpress install setup.
However problems happen when trying to add Letsencrypt to the installation for each domain the multisite uses. The typical multisite setup uses subdirectories for each subsite. This is done by wordpress and works fine with stock virtual host settings created by the One Click install from Digital Ocean.
However, certbot doesn’t like this and expects a virtualhost to be declared/setup in apache for each domain in your Wordpress Multisite site list.
After googling, all examples I see don’t use the same language/code examples in the sites-available as Digital Ocean’s one click setup uses. Here’s what Digital Ocean creates with the setup:

<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =YourDomainNameHere.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

The

RewriteCond %{SERVER_NAME} =YourDomainNameHere.com

is confusing as tutorials on virtualhosts in Ubuntu 16.04 doesn’t cover this code line.

So… for this situation… which is not currently covered in the Letsencrypt or Wordpress tutorials on Digital Ocean… what is the proper way to add in the domains in apache ALL for the same installation folder ( /var/www/html ) so that Letsencrypt Certbot will install additional domain certificates properly?

Help would be most appreciated. thank you.

P.S.
Expanding a single certificate is also not recommended for unrelated domains from what I’ve gathered in tutorials.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Answer given at the letsencrypt support forums
https://community.letsencrypt.org/t/setting-up-letsencrypt-for-a-single-wordpress-multisite-installation-with-many-domains/46511

Basically, each domain needs it’s OWN .conf file as well as each file having the Servername declared. Then after system linking into sites-enabled and an apache2 restart, certbot will install the additional certificates properly. See the thread at letsencrypt for more details.

  • I tried to follow what you were suggesting but Am too novice to figure it out!!

    I would like to set up WordPress multi site to set up a handful of different sites on one digital ocean droplet… each with their own domain, and letsencrypt certificate.

    Would you be willing to write out a tutorial article on how to set this up on the digital ocean and, and also the commandline codes needed to be entered via SSH? 🙏

    • I need help with this exact same request! I can pay a Developer to assist me with enabling SSL certs via certbot via letsencrypt.org for a multi-site virtualhost Wordpress environment on a Digitalocean ubuntu droplet, please!

Hi there,

I just came across this question.

Indeed, what I would usually do in such a case is to create separate virtual hosts for each website.

So let’s have the following scenario as an example:

  • A single WordPress multisite installation at /var/www/html
  • 2 different domain names pointing to the same server: eg example1.com and example2.com.

So rather than using only the default catch-all Apache virtual host (Vhost for short), you could create 3 separate virtual hosts for each domain name:

  • Vhost for example1.com:
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ServerName example1.com
        ServerAlias www.example1.com

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
  • Vhost for example2.com:
<VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        ServerName example2.com
        ServerAlias www.example2.com

        <Directory /var/www/html/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

That way you could issue separate SSL certificates for each domain name, and also set up HTTP to HTTPS redirects without the domain names affecting each other.

Note how both Vhosts have the same DocumentRoot set to /var/www/html so that they could both be pointing to the same WordPress multisite installation.

For more information on Apache virtual hosts, make sure to check out this tutorial here:

https://www.digitalocean.com/community/tutorials/how-to-set-up-apache-virtual-hosts-on-ubuntu-18-04

Once you have the two separate virtual hosts you can issue Let’s Encrypt certificates using certbot as normal. You can follow the steps from this tutorial here on how to do that:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-18-04

In case that you have more domain names, just follow the same procedure by adding separate Vhosts for each domain name.

Regards,
Bobby

by Kathleen Juell
by Erika Heidi
Let's Encrypt is a Certificate Authority (CA) that provides an easy way to obtain and install free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. In this tutorial, you will use Certbot to obtain a free SSL certificate for Apache on Ubuntu 18.04 and set up your certificate to renew automatically.
  • Thanks for this, Bobby! I setup the separate .conf files for my multisites, and then certbot was successful at creating the ssl .conf files for port 443 SSL https access. That’s all working great, but I have some website names that auto-redirect http to the https secure sites, which redirect fine, but then the browser URL says “not secure”. Any tips on fixing this so the URL always shows “secure”? I tried on Chrome, Firefox, and Edge, and get the same results. Thanks!

Submit an Answer