# Multi Trellis Sites - Avoiding SSL Cert Overwrites with Manual Certs?

**URL:** https://discourse.roots.io/t/multi-trellis-sites-avoiding-ssl-cert-overwrites-with-manual-certs/30052
**Category:** trellis
**Tags:** trellis
**Created:** 2025-11-20T11:30:04Z
**Posts:** 1

## Post 1 by @sbcdev — 2025-11-20T11:30:04Z

Hi all,

I’m just investigating the best way to handle a custom SSL setup to avoid SSL cert collision or overwrites. We have 2 WP Multisite installs in one `wordpress_sites.yml` (sharing the same Nginx instance.)

```
wordpress_sites:
  ecom-sites.com:
    site_hosts:
      # ...and so on
    ssl:
      enabled: true
      provider: manual
      cert: /etc/letsencrypt/live/ecom-sites.com/fullchain.pem
      key: /etc/letsencrypt/live/ecom-sites.com/privkey.pem
  reg-sites.com:
    site_hosts:
      # ...and so on
    ssl:
      enabled: true
      provider: manual
      cert: /etc/letsencrypt/live/reg-sites.com/fullchain.pem
      key: /etc/letsencrypt/live/reg-sites.com/privkey.pem
```

Since we’re on CFlare we had an issue with Trellis based renewals so switched to using Certbot with DNS-01 (Cloudflare API) and `ssl: provider: manual` to ensure we can renew origin certs through the proxy.

### **The issue we hit**

Trellis copies manual SSL files during provision using this task:

```
dest: "{{ nginx_ssl_path }}/{{ item.value.ssl.cert | basename }}"
```

Our files being named `fullchain.pem` and `privkey.pem` by certbot, both sites upon provision ended up writing to the same paths, the latter overwriting the former Multisite:

```
/etc/nginx/ssl/fullchain.pem
/etc/nginx/ssl/privkey.pem
```

Ultimately breaking access.

We could create one giant certificate that includes all sites but I was wondering if there’s a better way that aligns with Trellis best practices for editing

`/trellis/roles/wordpress-setup/tasks/nginx.yml`

where it’s currently

`dest: "{{ nginx_ssl_path }}/{{ item.value.ssl.cert | basename }}"`

possibly modifying it to:

```
dest: "{{ nginx_ssl_path }}/{{ item.key }}.cert"

# Possible output: /etc/nginx/ssl/ecom-sites.com.cert
```

Has anyone else worked with editing this file?

Appreciate any insight, though I understand it is perhaps more of a niche occurrence. Happy to share more details if helpful.

Thanks  
Stephen
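
The collision described in the post, as an added example that is not part of the original post or of Trellis itself: a pre-provision check that computes where each manual cert and key would land under the basename rule and under per-site naming, and reports any destination written by more than one site. The site data is a constructed sample shaped like the post's `wordpress_sites`; the function names and the `.key` suffix for the private key are assumptions (the post only shows `.cert`).

```python
import posixpath
from collections import defaultdict

NGINX_SSL_PATH = "/etc/nginx/ssl"  # directory shown in the post's output paths

def _site(domain):
    """Constructed sample entry shaped like the post's wordpress_sites items."""
    live = f"/etc/letsencrypt/live/{domain}"
    return {"ssl": {"enabled": True, "provider": "manual",
                    "cert": f"{live}/fullchain.pem",
                    "key": f"{live}/privkey.pem"}}

WORDPRESS_SITES = {d: _site(d) for d in ("ecom-sites.com", "reg-sites.com")}

def dest_by_basename(site, src, kind):
    """Behaviour from the post: destination is the source file's basename."""
    return posixpath.join(NGINX_SSL_PATH, posixpath.basename(src))

def dest_by_site_key(site, src, kind):
    """Proposed behaviour: name by site key. '.key' for the private key is an
    assumption; the post only shows the '.cert' case."""
    return posixpath.join(NGINX_SSL_PATH, f"{site}.{kind}")

def find_collisions(sites, dest_fn):
    """Return each destination written by more than one (site, kind) pair."""
    writers = defaultdict(list)
    for site, conf in sites.items():
        ssl = conf.get("ssl", {})
        if not (ssl.get("enabled") and ssl.get("provider") == "manual"):
            continue  # only manual certs are copied by the task in question
        for kind in ("cert", "key"):
            writers[dest_fn(site, ssl[kind], kind)].append((site, kind))
    return {dest: who for dest, who in writers.items() if len(who) > 1}

if __name__ == "__main__":
    for label, fn in (("basename", dest_by_basename), ("site key", dest_by_site_key)):
        clashes = find_collisions(WORDPRESS_SITES, fn)
        print(f"{label}: {len(clashes)} colliding destination(s)")
        for dest, who in clashes.items():
            print(f"  {dest} <- {who}")
```

Whatever configuration references the copied files has to use the same per-site names, otherwise Nginx will still look for the old paths.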
