Roots Discourse

Can't add ssl to multisite subdomain

Hey there!

I’m running into an issue I haven’t had yet. We just migrated a client’s site over to our trellis instance, the site has 3 subdomains and another domain mapped to it as well (using this plugin). I’d like to add ssl to the main domain, subdomains, and the mapped domain. I haven’t seen much info on how to do this, except for this post by @Simeon who seemed to have a similar question. I’ve followed the same setup he outlined, but on provisioning only the main domain gets an ssl cert by letsencrypt.

Here’s the wordpress_sites config:

example.com:
  site_hosts:
    - canonical: example.com
      redirects:
        - www.example.com
    - canonical: sub1.example.com
    - canonical: sub2.example.com
    - canonical: sub3.example.com
    - canonical: example2.com
      redirects:
        - www.example2.com
  local_path: ../sites/example.com
  repo: 'git@bitbucket.org:example/example.com.git'
  branch: production
  multisite:
    enabled: true
    subdomains: true
  ssl:
    enabled: true
    provider: letsencrypt
    hsts_include_subdomains: false
  cache:
    enabled: true
  env:
    domain_current_site: example.com

Our trellis version was last updated Nov 11, 2016, here’s the last commit.

Am I doing something wrong, or is this feature not available to trellis at that point in time? I know we’re pretty out of date, updating has been on my tasklist for months :smile:. I can provide more info if needed!

Thanks!

That looks correct. Our docs also have a mention of it: https://roots.io/trellis/docs/multisite/

I can’t guarantee that updating Trellis would fix it, but I’d suggest doing that anyway since there have been a few fixes related to LE and SSL.

Did you add those hosts after your first provision? Then re-provision? Or have you tried doing this on a new server on the first provision?

Ok wow, I must have missed that in the docs, even though I’ve read them a few times… Yeah these hosts were just added, we use one trellis instance for all of our sites. I’ve reprovisioned a few times with this config, still nothing different. Is there anywhere I could verify that the ssl certs definitely weren’t generated? /etc/nginx/ssl/letsencrypt doesn’t have certs for the subdomains. I also see no difference in the site .conf compared to another site, except for the multiple domains in the server_name var.

I’m hesitant to update, as I know there were a few breaking changes in between. Just that it will take me a while to get the code updated, new servers provisioned, and testing to make sure everything is ok. Is there a trellis way to manually generate the certs or should I just use the letsencrypt tool? I’d like to keep them auto renewed as well if possible.

Thanks for your help!

Btw I fixed it. For anyone wondering, these instructions did the trick. Probably not relevant anymore as my trellis instance is so out of date, but good info regardless.

1 Like