SOLVED AutoSSL and WordPress Multisite

[dld]

I'm trying to work out the best way to integrate AutoSSL and WordPress Multisite, and to make matters more confusing (for me), while I'm experienced with WordPress, I'm new to Multisite.

Forgive me if my question is poorly constructed. I'm trying to get a handle on how to ask about what I need to know.

I am aware that WordPress recommends using a wildcard for subdomains, but I've seen suggestions on their pages suggesting it's not required.

I am also aware that AutoSSL cannot be used with wildcard subdomains.

I don't care about giving users the ability to create their own blogs. That's not the purpose of my multisite network. My purpose is to create a series of U.S. state-based websites that share a common user base. I would be happy to create each individual subdomain manually (such as ca.mydomain.tld or ny.mydomain.tld).

I would normally want to set up a separate Cpanel account for each subdomain, but I gather that doesn't work for WordPress Multisite, which apparently only works within one Cpanel account.

Can I create a subdomain in Cpanel for each state subdomain in a way that would integrate properly with WordPress MultiSite so that AutoSSL will work for each subdomain? If so, what would I enter for the path when I set up each subdomain in Cpanel?

 

[cPanelMichael]

Hello,

If I understand correctly, you could try choosing the following option when configuring WordPress's multisite feature:

• Sub-directories — a path-based network in which on-demand sites use paths

Then, create a subdomain in cPanel for each site and configure the document root to the subdirectory utilized for each wordpress site.

Thank you.

 

[dld]

Hello,

If I understand correctly, you could try choosing the following option when configuring WordPress's multisite feature:

• Sub-directories — a path-based network in which on-demand sites use paths

Then, create a subdomain in cPanel for each site and configure the document root to the subdirectory utilized for each wordpress site.

Thank you.

Yes, that's what I intended to do. My question is how do I configure it on the Cpanel side to produce the result I'm trying to produce.

 

[dld]

I figured out part of the problem. I didn't realize that when you create a subdomain, you have to wait until the next day for Comodo to detect it. I thought it would be detected right away.

When I woke up this morning, I checked and found that the subdomain was now working. However, instead of showing me a WordPress site, it shows me the following:

Show/Hide: Text from Index page

Index of /
[ICO] Name Last modified Size Description
[DIR] cgi-bin/ 2016-11-09 15:02 -

I tried going into my WordPress Superadmin area and then deleting and recreating the subdomain, but I still get the same result.

What am I doing wrong?

 

[dld]

I finally found the answer. For anyone else trying to do the same thing, here it is:

When you manually create a subdomain using Cpanel, it creates a new document root at the same level as your public_html folder.

Since WordPress Multisite needs to have all subdomains use the same document root, you have to change the Document Root for your subdomain to "public_html" without the quotation marks.

So if your multisite network is installed at mydomain.tld, and you manually add subdomain mysub.mydomain.tld via Cpanel, you have to then change the Document Root setting for mysub.mydomain.tld from "/mysub.mydomain.tld" to "public_html".

 

[cPanelMichael]

I'm happy to see it's now working well. Thank you for updating this thread with the outcome so that others with the same question can take the same steps.

Thanks!

 

[dld]

I spoke too soon. It turns out that you can change the document root to public_html, and indeed WordPress Multisite will work with it for non-SSL connections, but that doesn't mean that AutoSSL will catch up with it.

If I manually create a subdomain, mysub.mydomain.tld, Cpanel creates a default folder at the account's root level called /mysub.mydomain.tld.

Once Comodo catches up with the new subdomain registered by AutoSSL, any web pages you put in that default folder will display just fine when a secure connection is made at https://mysub.mydomain.tld.

However, when you change the document root for the subdomain to public_html, AutoSSL can't seem to find it.

I haven't found a workaround for this that will enable AutoSSL to get a Comodo certificate for a subdomain after changing the subdomain's document root to public_html.


ADDENDUM

I might have found the rest of the solution after all.

It seems that while AutoSSL generates a certificate for the subdomain, it doesn't actually apply it in the certificate store.

First, as I described above, set up the subdomain and change the document root to public_html.

Second, go to:

WHM > Install an SSL Certificate on a Domain > Browse Certificates

and select the account name, the right certificate, and then install.

This seems to fix the problem.

You must have already assigned public_html as the document root for the subdomain before "installing" the certificate for this to work.

 

[Chaplain TIG]

Howdy did, Just wanted to thank you for this...

ADDENDUM

I might have found the rest of the solution after all.

It seems that while AutoSSL generates a certificate for the subdomain, it doesn't actually apply it in the certificate store.

First, as I described above, set up the subdomain and change the document root to public_html.

Second, go to:

WHM > Install an SSL Certificate on a Domain > Browse Certificates

and select the account name, the right certificate, and then install.

This seems to fix the problem.

You must have already assigned public_html as the document root for the subdomain before "installing" the certificate for this to work.

It worked for all my subdomains, but not for the TLDs I'm domain mapping to the subdomains within the multisite.
I added the TLD as an addon domain in the cPanel with public_html as the document root.
Then I ran an AutoSSL check and received this error:

4:20:20 AM The website “sub.example.org”, owned by “OurUserNameWasHere”, has a valid SSL certificate, but additional SSL coverage may be possible for the domains mail.example.org and example.org. The system will attempt to replace this certificate with one that includes these additional domains.
4:20:21 AM WARN The domain “mail.example.org” failed domain control validation: “mail.example.org” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 526.
4:20:21 AM WARN The domain “example.org failed domain control validation: “example.org does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 526.
4:20:21 AM WARN All of “sub.example.com”’s unsecured domains failed domain control validation. AutoSSL skip this website. at bin/autossl_check.pl line 440.

Any ideas?
Thanks

 

[Chaplain TIG]

UPDATE:
- Removed -

Looks like the domain mapped TLD is using the SSL assigned to the subdomain.

 

[dld]

I have no idea what might be causing your problem. Sorry. You might want to open a ticket with Cpanel about that.

 

[cPanelMichael]

4:20:21 AM WARN The domain “mail.example.org” failed domain control validation: “mail.example.org” does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 526. 4:20:21 AM WARN The domain “example.org failed domain control validation: “example.org does not resolve to any IPv4 addresses on the internet. at bin/autossl_check.pl line 526.

Hello,

This suggests the AutoSSL feature was unable to resolve those domain names to a valid IP address. Have you already configured the DNS for the listed domain name?

Thank you.

 

[dld]

Hello,

This suggests the AutoSSL feature was unable to resolve those domain names to a valid IP address. Have you already configured the DNS for the listed domain name?

Thank you.

If needing a valid IP address is the problem, wouldn't his subdomains also exhibit similar issues, cPanelMichael? He reported that they're working okay.

 

[cPanelMichael]

If needing a valid IP address is the problem, wouldn't his subdomains also exhibit similar issues, cPanelMichael? He reported that they're working okay.

The specific error message suggests AutoSSL isn't able to complete a DNS look for that specific domain name, suggesting a potential DNS issue. It is possible the custom configuration has lead to an unforeseen problem, in which case we're happy to help take a closer look via a support ticket to confirm if that's the case.

Thanks!