Multisite Let's Encrypt not working for me for mapped domains

Hi all!

I’m trying to activate HTTPS on all the domains I have in my multisite installation, but it is not working for me.
My group_vars/production/wordpress_sites.yml is:

wordpress_sites:
  juanmaguitar.com:
    site_hosts:
      - juanmaguitar.com
      - lasrecetasdeguada.com
    ...
    multisite:
      enabled: true
      subdomains: true
    ssl:
      enabled: true
      provider: letsencrypt
    ...

And the nginx configuration and Let’s Encrypt settings seem to be created properly (no errors), but HTTPS only works for the main domain juanmaguitar.com.

For the other one, lasrecetasdeguada.com, which is really a mapped domain for the subdomain lasrecetasdeguada.juanmaguitar.com, it doesn’t work. It seems that the certificate is not created properly for this second domain.

The thing is that after provisioning, when I access http://juanmaguitar.com it redirects me to https://juanmaguitar.com with the proper certificate and everything works fine.

But when I access http://lasrecetasdeguada.com it redirects me to https://lasrecetasdeguada.com without a proper certificate, so I get an error (insecure page or something like that). I can add an exception to the HTTPS error, but then the images (Amazon S3) don’t work properly (mixed protocols or something).

Is there anything else I should take into account? Any ideas?

Thanks in advance!!

Solved on my own!!

The certificate wasn’t being properly created for the different domains, so the solution for me was creating them manually.

1- Cloning the Let’s Encrypt tools into a temporary folder

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

2- Once inside the folder we can create the certificates for several domains by doing (in my case)

(we need to stop nginx server first)

sudo service nginx stop

./letsencrypt-auto certonly -a standalone -d juanmaguitar.com,www.juanmaguitar.com,lasrecetasdeguada.com,www.lasrecetasdeguada.com

3- The certificate (valid for all these domains) is created at /etc/letsencrypt/live/, so the only thing left is replacing them in the proper .conf used by nginx

ssl_certificate  /etc/letsencrypt/live/<our-domain>/fullchain.pem;
ssl_certificate_key  /etc/letsencrypt/live/<our-domain>/privkey.pem;

And finally we restart the nginx server by doing

sudo service nginx start

And that’s it! :)

2 Likes
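
Added example (not part of the original posts, and not Trellis or Let's Encrypt code): a POSIX shell check that lists which hostnames a certificate's subjectAltName does not cover, the kind of mismatch described above for the mapped domain. The SAN text is constructed sample input in the format printed by `openssl x509 -noout -ext subjectAltName`, the function names are hypothetical, and the wildcard handling goes beyond the exact case in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical.
# SAMPLE_SAN is constructed, in the format printed by:
#   openssl x509 -in /etc/letsencrypt/live/<our-domain>/fullchain.pem -noout -ext subjectAltName
SAMPLE_SAN='X509v3 Subject Alternative Name:
    DNS:juanmaguitar.com, DNS:*.juanmaguitar.com'

# Print the DNS entries of the SAN text, lower-cased, one per line.
san_names() {
  printf '%s\n' "$1" | tr ',' '\n' |
    sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' | tr 'A-Z' 'a-z'
}

# covers SAN_ENTRY HOST: exact match, or "*." matching exactly one label.
covers() {
  c_san=$1; c_host=$2
  [ "$c_san" = "$c_host" ] && return 0
  case "$c_san" in
    '*.'*)
      c_suffix=${c_san#'*'}                     # e.g. ".juanmaguitar.com"
      c_label=${c_host%"$c_suffix"}             # part the wildcard must match
      [ "$c_label" != "$c_host" ] || return 1   # suffix did not match
      [ -n "$c_label" ] || return 1             # wildcard needs a label
      case "$c_label" in *.*) return 1 ;; esac  # more than one label
      return 0 ;;
  esac
  return 1
}

# uncovered_hosts SAN_TEXT HOST...: print each HOST the certificate does not cover.
uncovered_hosts() {
  u_names=$(san_names "$1"); shift
  for u_host in "$@"; do
    u_host=$(printf '%s' "$u_host" | tr 'A-Z' 'a-z')
    u_found=no
    while IFS= read -r u_name; do
      if covers "$u_name" "$u_host"; then u_found=yes; fi
    done <<EOF
$u_names
EOF
    [ "$u_found" = yes ] || printf '%s\n' "$u_host"
  done
}

# The multisite subdomain is covered by the wildcard; the mapped domains are not.
uncovered_hosts "$SAMPLE_SAN" juanmaguitar.com lasrecetasdeguada.juanmaguitar.com \
  lasrecetasdeguada.com www.lasrecetasdeguada.com
```

Running the same check against the certificate nginx actually serves, after every provision, shows whether a mapped domain has dropped out of the SAN list before visitors hit the browser warning.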

So there’s no way to have this controlled by Trellis instead? Won’t this get overwritten next time the server is provisioned?