Managing Domain Mapping with WordPress Multisite

One thing to note if you aren’t going to use a plugin to manage domain mapping to individual websites as part of a WordPress Multisite network is that there might be some hang-ups. I use certbot primarily to manage SSL certificates from Let’s Encrypt, but unfortunately certbot doesn’t seem to play nice with WordPress Multisite’s domain mapping. To make this simpler, here is a simple guide if you’re doing it the hard way.

With certbot, the process for creating an SSL certificate depends greatly on whether you want a wildcard certificate or a certificate that doesn’t include a wildcard domain.

I am also using Digital Ocean as my DNS and hosting service, so the combination of the two means some aspects of this guide are specific to this use case, but you can easily find the versions of these commands for other services via the certbot instructions.

First things first, go to the company you bought the domain from and point it at Digital Ocean’s nameservers.

Then set up an A record for the domain name that you want and point it at your WordPress server. Do this before generating the SSL certificate with certbot.

SSH into your server.

When using certbot for a standard SSL certificate, the command you’ll likely be using is:

certbot -i apache -d example.com,www.example.com

When using certbot for a wildcard SSL certificate, the process is a bit more complicated, as you have to supply some specific information about your DNS provider as well as an API token in an ini file (certbot’s instructions will tell you how to do this when followed closely), but the command looks like this for Digital Ocean:

certbot --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini -i apache -d example.com -d '*.example.com'

Unfortunately, using this command may very well break your site. The solution? Unless you are using a plugin to manage domain mapping you’ll have to edit the Apache vhost files. You can find these at /etc/apache2/sites-enabled/000-default.conf and /etc/apache2/sites-enabled/000-default-le-ssl.conf.

You will have to edit your respective vhost files to look like the following:

NOTES:

  1. This uses a wildcard SSL for the example.com domain and a standard SSL for the domain2.com domain.
  2. Using the certonly option will prevent certbot from editing your configuration files.

For 000-default.conf:

# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On

<VirtualHost *:80>
	ServerAdmin webmaster@localhost

	ServerName example.com
	ServerAlias www.example.com

	DocumentRoot /var/www/html

	<Directory /var/www/html/>
		Options FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	RewriteEngine on
	RewriteCond %{SERVER_NAME} =www.example.com [OR]
	RewriteCond %{SERVER_NAME} =example.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

<VirtualHost *:80>
	ServerAdmin webmaster@localhost

	ServerName domain2.com
	ServerAlias www.domain2.com

	DocumentRoot /var/www/html

	<Directory /var/www/html/>
		Options FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	RewriteEngine on
	RewriteCond %{SERVER_NAME} =www.domain2.com [OR]
	RewriteCond %{SERVER_NAME} =domain2.com
	RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>

For 000-default-le-ssl.conf:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerAdmin webmaster@localhost

	ServerName example.com
	ServerAlias www.example.com

	DocumentRoot /var/www/html

	<Directory /var/www/html/>
		Options FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	Include /etc/letsencrypt/options-ssl-apache.conf

	SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>

<VirtualHost *:443>
	ServerAdmin webmaster@localhost

	ServerName domain2.com
	ServerAlias www.domain2.com

	DocumentRoot /var/www/html

	<Directory /var/www/html/>
		Options FollowSymLinks
		AllowOverride All
		Require all granted
	</Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	Include /etc/letsencrypt/options-ssl-apache.conf

	SSLCertificateFile /etc/letsencrypt/live/domain2.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/domain2.com/privkey.pem
</VirtualHost>
</IfModule>
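
One way to check the mapping above before restarting Apache, as an added example that is not part of the original post: it parses the port-443 vhosts and reports any ServerName or ServerAlias that is not covered by the certificate that vhost loads. The config text and SAN lists are constructed samples (with one deliberate mismatch) and the function names are hypothetical; on a real server the SAN list comes from the certificate itself, for example via `openssl x509 -noout -ext subjectAltName -in fullchain.pem`.

```python
import re

# Constructed sample mirroring the page's 000-default-le-ssl.conf, with one
# deliberate mistake: domain2.com's vhost loads example.com's certificate.
SAMPLE_CONF = """
<VirtualHost *:443>
    ServerName example.com
    ServerAlias www.example.com
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
</VirtualHost>
<VirtualHost *:443>
    ServerName domain2.com
    ServerAlias www.domain2.com
    SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
</VirtualHost>
"""

# Constructed SAN list; on a real server read it from the certificate.
CERT = "/etc/letsencrypt/live/example.com/fullchain.pem"
SAMPLE_SANS = {CERT: ["example.com", "*.example.com"]}

def covers(san, host):
    """True if one SAN matches host; '*' is exactly one label, never the bare apex."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def uncovered_hosts(conf_text, sans_by_cert):
    """Return sorted (hostname, cert_path) pairs the certificate does not cover."""
    problems = []
    for block in re.findall(r"<VirtualHost[^>]*:443>(.*?)</VirtualHost>", conf_text, re.S | re.I):
        names, cert = [], None
        for line in block.splitlines():
            parts = line.split()
            if not parts or parts[0].startswith("#"):
                continue
            directive = parts[0].lower()
            if directive in ("servername", "serveralias"):
                names += parts[1:]
            elif directive == "sslcertificatefile" and len(parts) > 1:
                cert = parts[1]
        sans = sans_by_cert.get(cert, [])
        problems += [(n, cert) for n in names if not any(covers(s, n) for s in sans)]
    return sorted(problems)

if __name__ == "__main__":
    for host, cert in uncovered_hosts(SAMPLE_CONF, SAMPLE_SANS):
        print(f"{host}: not covered by {cert}")
```

The wildcard rule in `covers` is why the wildcard command lists both `example.com` and `*.example.com`: the wildcard entry alone does not cover the bare domain.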

P.S. Should you crash your Apache install, run this:

sudo service apache2 restart
