SSL for multi-site

Will the procedures on this tutorial work on my multi-site? I want to update all the subsites to https.

I’m nervous.

It absolutely does for subdirectory multisite since all subdirectories can share a single SSL certificate. For wildcard subdomains it does not work unless you have a wildcard SSL certificate, which is possible but not a default on the server automatically (since each site is seen as a unique URL).


looks good! thanks
this should get me up to 20 characters

How do I get a wildcard certificate? I have a multisite set up with subdomains. I had a wildcard one before, set up via Let’s Encrypt in cPanel.

The Let’s Encrypt plugin now supports this as of last year (cPanel still does not natively). You can issue a multisite certificate by checking the option here:

Note that you have to select DNS validation at the bottom, LE does HTTP validation by default but requires DNS validation for wildcard subdomains.

Thanks, I’ve tried that but I get an error. Do I have to delete a certificate from the cPanel area?

It looks like the issue is that the domain was originally secured by cPanel which at the time probably added this CAA DNS record:

cPanel previously used Comodo for certificate validation and these CAA records are becoming a requirement by all SSL providers including LE. But that record essentially says (don’t trust anyone but Comodo to issue a cert to this domain). I’m sure some neckbeard has a whitepaper on why this is actually a very secure way of doing this and not at all confusing. :)

I modified the record to look like this:

and was then able to issue a wildcard cert in the Let’s Encrypt panel. So it should be working now for all of your subdomains.
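
Added example, not part of the original posts: a minimal Python sketch of how a CA evaluates a domain's CAA record set under RFC 8659, which is why a Comodo-only record blocks a Let's Encrypt wildcard request. The record sets are constructed for illustration (the thread's actual records are not shown on the page), and the function names are hypothetical.

```python
# Added example: RFC 8659 CAA evaluation over constructed record sets.
# Input is the CAA RRset already found for the domain (tree climbing omitted).
from typing import Iterable, Tuple

KNOWN_TAGS = {"issue", "issuewild", "iodef"}
CRITICAL = 128  # "issuer critical" flag bit


def parse_caa(line: str) -> Tuple[int, str, str]:
    """Parse CAA RDATA in presentation form, e.g. 0 issue "comodoca.com"."""
    flags, tag, value = line.split(None, 2)
    return int(flags), tag.lower(), value.strip().strip('"')


def issuer_domain(value: str) -> str:
    """Drop ';'-separated parameters; an empty result authorizes no CA."""
    return value.split(";", 1)[0].strip().lower()


def ca_may_issue(lines: Iterable[str], ca: str, wildcard: bool) -> bool:
    """Return True if the CA identified by `ca` may issue for this RRset."""
    records = [parse_caa(line) for line in lines]
    # A critical property the CA does not understand forbids issuance.
    if any(f & CRITICAL and t not in KNOWN_TAGS for f, t, _ in records):
        return False
    issue = [issuer_domain(v) for _, t, v in records if t == "issue"]
    issuewild = [issuer_domain(v) for _, t, v in records if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to
    # issue; issuewild is ignored for non-wildcard names.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no applicable property: CAA imposes no restriction
    return ca.lower() in relevant


# Constructed samples: a Comodo-only set, and one that also lists Let's Encrypt.
COMODO_ONLY = ['0 issue "comodoca.com"']
WITH_LE = ['0 issue "comodoca.com"', '0 issue "letsencrypt.org"']

if __name__ == "__main__":
    for name, rrset in (("comodo-only", COMODO_ONLY), ("with-LE", WITH_LE)):
        ok = ca_may_issue(rrset, "letsencrypt.org", wildcard=True)
        print(f"{name}: Let's Encrypt wildcard allowed = {ok}")
```
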

You rock even if I have no idea what the bleep this means. Thanks!


Sorry, I am confused again by these notification messages; it’s a WP multisite done with domains.

Automatic Let’s Encrypt renewal for * was attempted and failed.
This certificate expires on 2019-09-13 09:26:46 +0000 UTC.

Unable to renew certificate: Error creating new order: acme: error code 429 “urn:ietf:params:acme:error:rateLimited”: Error creating new order :: too many certificates already issued for exact set of domains: * see Rate Limits - Let's Encrypt

You can configure/re-install/remove this certificate by logging into cPanel, and visiting the Lets Encrypt SSL page.

I see in Let’s Encrypt I have a wildcard certificate for both * (which is triggering this error) but a second one for - is the second redundant? Or should I just do separate certificates for the multisites (about 7 of them)?


I think you just have to issue a certificate for the main domain with multisite checked, like the screenshot from earlier (SSL for multi-site - #5 by timmmmyboy), but I would test and make sure cPanel recognizes it. The error you’re getting is a rate limit error which is not really something we control. Let’s Encrypt has some restrictions around how often and how many certs you can get from them.

Sorry for being dense. I deleted a bunch of certs not needed, and tried a re-issue. I get this error:

I am a bit leery to delete the certificate; do I need to do that and start over?

I guess what I meant was rather than doing anything with the * entry to instead issue a multisite certificate to the entry so that subdomains would be covered by checking the multisite box. I did that, however cPanel doesn’t seem to want to pick up on it. Frankly I think the wildcard multisite support in the Let’s Encrypt plugin isn’t really well set up to work with cPanel. For a small number of subdomains it may make more sense to define them in cPanel and then you can just check them off when issuing a certificate for as additional entries (similar to how mail and www are checked when issuing a cert).