How to add a subdomain or mapped domain to a MS installation secured with Let's encrypt

v3
#1

Hi, since it took me some time to figure out how to add secured subdomains and mapped domains to an MS install, I thought this might helpful to somebody else, so here it is.

Assuming the WP MS installation is running on maindomain.com and we are adding newdomain.com

#create subdomain / domain to map with php and letsencrypt certificate
ee site create newdomain.com --php --le

This will create a secured php site, that we now need to direct to the MS installation while insuring the LE certificate can be renewed automatically. So now:

#edit the site to allow for automatic let's encrypt renewal
ee site edit newdomain.com

On the configuration file, change

    root /var/www/newdomain.com/htdocs;

For

    root /var/www/maindomain.com/htdocs;

    #entry to allow for automatic letsencrypt certfificate updates
    location ~ /\.well-known{
        allow all;
        root /var/www/newdomain.com/htdocs;
    }

TEST That everything is running as expected.

Let me know if it works for you or you have better configuration suggestions!

Cheers.

PS. a probably better way to make sure you configured everything correctly is installing let’s encrypt last:

    ee site create newdomain.com --php
    ee site edit newdomain.com
    ee site update newdomain.com --le
1 Like
#2

Thanks this will be helpful ! Instead of using directly letsencrypt to do it .

#3

An additional consideration: When editing the new domain configuration file, we should probably also add the line

include common/wpcommon.conf;

#4

Hi. I’ve used your workaround a thousand times. I’ve now moved to a more all-inclusive approach modifying this line [with the ADDITION comment] in /etc/nginx/common/locations.conf only once when installing ee on a new server:

# Security settings for better privacy
# Deny hidden files
location ~ /\.well-known {
  allow all;
  root /var/www/$http_host/htdocs/; #ADDITION
}

This way the only change I have to make when I do ee site edit newdomain.com is the webroot, without having to go back to this howto, copy the location block, and paste it in. I know the locations.conf file will be overwritten if I update ee, but it’s worth it for me until they figure this thing out officially.

Also, I agree adding include common/wpcommon.conf; might be a good idea as you were saying.

Thank you for your work.

2 Likes
#5

Wow, Thank you @nikksno, very clever, awesome improvement

#6

Hi, what about for the subdomain here? We know that for WPMS (Subdomain) installation, to create a new site is from WP Network Admin Panel.

Then how to do the tutorial you provide? It’s unclear for me, and need help :frowning:

Thanks

#7

@nikksno , I was having trouble enabling SSL in some instances because the $http_host variable was returning for a non-existent folder (/var/www/www.domain.com/...) when LetsEncrypt was checking domain with www

Here is the solution I came up with:

location ~ /\.well-known {
  set $well_known_host $http_host;      #ADDED
  if ($well_known_host ~* ^www.(.*)){   #ADDED
    set $well_known_host $1;            #ADDED
  }                                     #ADDED
  allow all;
  root /var/www/$well_known_host/htdocs/; #CHANGED
}

Hope it is helpful for someone!

#8

It’s probably working but you can use something simpler :

  1. change /var/www/html folder owner to www-data
chown -R www-data:www-data /var/www/html
  1. Use this folder for all your domains with the alias directive.
location ~ /\.well-known {
     alias /var/www/html/.well-known;
    }
#9

Very cool, simplicity is beautiful and if is evil :grinning:

#10

Hey again @santiazpi. I have stopped using multisite WP as EE makes it so simple to make every site independent of each other, but I remember having this problem when I was still using them. This perfectly fixes that. Great work! Thanks for sharing back!

#11

Thanks to you too @virtubox

#13