Trellis Multisite SSL config

I have a Trellis / Bedrock multisite installation. The 3 sites use Let's Encrypt on staging, but on production they all have their own SSL certificate. In the WordPress sites file for production there seems to be no way of adding a separate setting for each site. Any ideas how I get around this? Thanks

I assume your multisite is using subdomains or domain mapping, because subdirectories shouldn’t need multiple certs.

I’ve had it on my radar to revamp things in Trellis so a site’s given site_hosts could each specify different ssl certs/keys, providers, etc., but there is no such built-in functionality at present. I believe you would need to get your certs on the server and perhaps try a child template modifying the https block, perhaps mapping each $http_host to its appropriate cert/key. There could be many approaches.

However, it sounds like you have it working with Let’s Encrypt on staging. Is there some reason you don’t want to use Let’s Encrypt on production?

wordpress_sites:
  example.com:
    site_hosts:
      - canonical: aaa.example.com
      - canonical: bbb.example.com
      - canonical: mapped-domain.com
    multisite:
      enabled: true
      subdomains: true
      cron: false
    ssl:
      enabled: true
      provider: letsencrypt

Something like the example above would probably work.
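
The per-host cert/key mapping suggested earlier in the thread, sketched as an Nginx config (an added example, not from the thread or from Trellis itself). It keys on $ssl_server_name rather than $http_host because the certificate is chosen during the TLS handshake, before any HTTP header is read; the /etc/nginx/ssl/ paths and the $site_cert / $site_key variable names are assumptions.

```nginx
# Added example. Paths and variable names are assumed placeholders.
# Requires nginx 1.15.9+ built against OpenSSL 1.0.2+ (variables in ssl_certificate).

# Both maps go in the http {} context.
# $ssl_server_name is the SNI hostname the client sent in the TLS handshake.
map $ssl_server_name $site_cert {
    # Served to clients that send no SNI or an unknown name.
    default            /etc/nginx/ssl/aaa.example.com.crt;
    aaa.example.com    /etc/nginx/ssl/aaa.example.com.crt;
    bbb.example.com    /etc/nginx/ssl/bbb.example.com.crt;
    mapped-domain.com  /etc/nginx/ssl/mapped-domain.com.crt;
}

map $ssl_server_name $site_key {
    default            /etc/nginx/ssl/aaa.example.com.key;
    aaa.example.com    /etc/nginx/ssl/aaa.example.com.key;
    bbb.example.com    /etc/nginx/ssl/bbb.example.com.key;
    mapped-domain.com  /etc/nginx/ssl/mapped-domain.com.key;
}

server {
    listen 443 ssl;
    server_name aaa.example.com bbb.example.com mapped-domain.com;

    # Resolved per handshake from the maps above, so each host
    # presents its own certificate from a single server block.
    ssl_certificate     $site_cert;
    ssl_certificate_key $site_key;

    # ... remainder of the site's existing https configuration ...
}
```

With variable paths the files are loaded on each handshake by the worker process, so the worker user needs read access to the private keys and a missing file only shows up as a failed handshake, not at config test time. Check each host after deploying with `openssl s_client -connect HOST:443 -servername HOST` and confirm the subject of the certificate returned.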

Thanks, we can’t use Let’s Encrypt on production; we have premium certificates for 3 production sites on the multisite network. These certs need to be used. I’m struggling to apply SSL certs for particular sites; templates don’t seem to be site-specific. It would be great to apply SSL to each site individually in the Trellis config.

I can’t get your solution to work. Do you mean overwrite the highlighted block in wordpress-site.conf.j2, replacing the variables? This would affect staging as well as production, would it not? The company is close to scrapping Trellis because of this limitation. I really don’t want this to happen and I’m desperately trying to find a solution that works and doesn’t add much work when upgrading Trellis. Any help would be much appreciated, thanks.

@fullyint was there any update here?
Is it possible to configure Trellis for a multisite configuration using different manual SSL certificates for each site - i.e. aexample.com and have it secured with aexample.com.crt and aexample.com.key, and the other canonical, i.e. bexample.com, secured with bexample.com.crt and bexample.com.key?

@ben maybe you have some information on that matter, as you unlisted the thread I created?

@pk_an Nope. In your other topic I replied that I unlisted it since you also bumped this topic.

Pick one or the other:

  1. Bump an old topic
  2. Create a new one

Don’t do both of these things. And there was no need to tag me in this topic.

Please create yet another new topic if you’d like to try to get some answers.