Multisite; Subdomains, DNS and SSL Questions

Me again with the Multisite questions :grimacing:

Thankfully this time I’ve got this deploy up and going successfully. I’m just wondering if how I’ve gone about it is the best way or if something simpler could be done…

DNS
I’ve read a bunch of docs recommending setting up a wildcard domain (like *.example.com) so that every new site you create on the install will work. However I’m finding even after setting up a wildcard record at my registrar the new sites don’t load. I have to create a new DNS record pointing to the same host for each new sub-site’s subdomain.

Is this an issue with my registrar perhaps? Can you ping/test a wildcard subdomain?

SSL
Then the next issue is that when I get these subdomains to load, they don’t have valid Let’s Encrypt certificates. So I can load example.com but not subdomain.example.com because there’s no secure connection. So my wordpress_sites file for development looks like the below, but this seems messy. Is there a more efficient way? The below ensures a valid certificate is generated for every domain and subdomain for each sub-site.

- canonical: example.com
  redirects:
    - www.example.com
- canonical: subdomain1.example.com
- canonical: subdomain2.example.com
- canonical: example2.com
  redirects:
    - www.example2.com
- canonical: example3.com
  redirects:
    - www.example3.com

Reason I’m asking for clarification on all this is that as far as I can tell it would not be possible on Trellis to have a multisite install where sites can be added regularly. Currently to add a new site with a valid certificate I’d need to:

Is that correct?

Again, everything on this deploy works, even with a domain mapping plugin too. Just questioning if there’s a better way.

2 Likes

I don’t think this is quite necessary if you wildcard and point all subdomains to the same IP/CNAME/whatever, right?

I think the same applies to the first step. You shouldn’t need to add every single site’s subdomain. Unless of course you’re using Let’s Encrypt.

This shouldn’t be an issue at all unless you have old certificates…

If using Let’s Encrypt or single SSL certs, yes.

If you’re using multisite with subdomains, this really depends. If you want to continue using Let’s Encrypt and don’t mind adding each site individually, then yes, this seems correct. If you want to simplify the process and you’re adding many sites or sites may be added at any time, then just get a wildcard SSL and be done with it.

2 Likes
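
A wildcard certificate covers only names exactly one label below the wildcard, so the apex and any mapped domains from the list in the question still need their own entries. The following is an added example (not code from the thread or from Trellis) that checks a host list against a certificate's SAN entries; the SAN lists are constructed, and only whole-label `*.` wildcards are handled.

```python
# Added example: which hosts from a wordpress_sites-style list does a given
# certificate cover? The SAN lists below are constructed samples.

def san_matches(host: str, san: str) -> bool:
    """RFC 6125-style match: '*' is honoured only as the whole leftmost
    label and stands for exactly one label."""
    host_labels = host.lower().rstrip(".").split(".")
    san_labels = san.lower().rstrip(".").split(".")
    if len(host_labels) != len(san_labels):
        return False  # '*' never spans dots and never matches zero labels
    if san_labels[0] == "*":
        # Conservative choice: refuse wildcards with fewer than two literal
        # labels after them (e.g. '*.com'), and refuse an empty first label.
        if len(san_labels) < 3 or not host_labels[0]:
            return False
        return host_labels[1:] == san_labels[1:]
    return host_labels == san_labels


def uncovered_hosts(site_hosts, cert_sans):
    """Return the hosts that no SAN entry on the certificate covers."""
    return [h for h in site_hosts
            if not any(san_matches(h, s) for s in cert_sans)]


# Hosts from the wordpress_sites list in the question (canonical + redirects).
SITE_HOSTS = [
    "example.com", "www.example.com",
    "subdomain1.example.com", "subdomain2.example.com",
    "example2.com", "www.example2.com",
    "example3.com", "www.example3.com",
]

# Constructed SAN lists: a bare wildcard, and a wildcard plus the apex name.
WILDCARD_ONLY = ["*.example.com"]
WILDCARD_AND_APEX = ["*.example.com", "example.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("wildcard + apex", WILDCARD_AND_APEX)):
        print(label, "->", uncovered_hosts(SITE_HOSTS, sans))
```

Any host the function returns would be served with a certificate name mismatch, so mapped domains such as example2.com need a separate certificate or additional SAN entries even when a wildcard is in place.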

Thanks. I’ve little experience in getting a ‘real’ (read: not LE) SSL certificate before, and didn’t realise you could get wildcard domain certs. That would solve that problem.

I’m also trialling a subdirectory multisite setup for another project I have going at the moment. Interested to see how it differs.

A sub-folder install avoids a lot of these headaches. Even for an install where I have only subdomains of one primary, I’d always go the subfolder route for exactly the reasons you’ve mentioned.

As per Kalen’s answer, a wildcard cert will take care of those issues. Let’s Encrypt etc. is not really designed to cover multiple subdomains.

Cheers

2 Likes