Does CW have plans to implement wildcard certs from Let's Encrypt?


#1

I’m building an app on top of WP Multisite and would like to use subdomains for customer accounts/sites, but need SSL to be implemented for each subdomain.

I’m aware that we can install custom certs and may go that route if necessary, but with this being an MVP (i.e. trying to keep costs low) and with the SSL launch date being so close (https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html) I was hoping to learn if CW plans to make wildcard certs available via the control panel when they launch from Let’s Encrypt.

Thanks for any info you can provide!

P.S. In case I have to go the manual cert route, does anyone have any experience with cheap wildcard certs that have worked well with your CW apps?


#2

Hi @denny

Thanks for sharing the URL. We will surely look into it.

Currently, you can use a single Let’s Encrypt certificate for WordPress Multisite installations. We have written an extensive guide; have a look here.


#3

Denny,

I have found that the crypto offered on the free tier of Cloudflare is an excellent value. You should be able to encrypt all subdomains of your MVP using their Flexible SSL configuration, which shows a green padlock but is not encrypted between Cloudflare and Cloudways. You can up your security and install a Cloudflare-generated certificate on your origin server at Cloudways and configure Cloudflare to use Full SSL and have end-to-end encryption.

Reach out to me at mompop.ltd if you have further questions about this configuration, Cloudflare in general, or need help setting up Cloudflare and migrating DNS to their platform.


#4

Hey @LucasPelton thanks for the reply + idea.

Cloudflare is amazing, but I was under the impression that SSL couldn’t be enabled on wildcard (*) entries - only when explicitly defining the subdomains one by one (and this support article seems to say that as well https://support.cloudflare.com/hc/en-us/articles/200168826-Does-Cloudflare-support-wildcard-DNS-entries-).

In that case I could do the same thing with the LE certificate that CW already provides.

Have you had a different experience with wildcards on CF?

P.S. Love the simple value proposition (“We help good businesses become great.”) on your site.


#5

You’re absolutely right about the wildcard operator not being proxied by CloudFlare and the LE cert fundamentally offering the same product. The difference I see here is the ease of adding SSL-protected subdomains via CloudFlare and not mucking around with .

The MVP nature of your project says to me that you could be (at this point) manually adding client/customer subdomains to CloudFlare (just as you would using the Cloudways panel to add subdomains to the LE cert). The reason I’d go with CloudFlare for this one is the availability of a robust API on CloudFlare.

Once you’re up and running and it’s impractical to manually add subdomains to CloudFlare, you can begin leveraging the API to add subdomains on-demand. I’d leverage the New Blog action in WP Multisite to execute a function that adds the appropriate CNAME record to CloudFlare. The CURL example from the documentation is below, but you could easily convert this example to PHP (Google “curl to PHP”) so that you can execute it in the New Blog action function.

curl -X PUT "https://api.cloudflare.com/client/v4/zones/023e105f4ecef8ad9ca31a8372d0c353/dns_records/372e67954025e0ba6aaa6d586b9e0b59" \
     -H "X-Auth-Email: user@example.com" \
     -H "X-Auth-Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41" \
     -H "Content-Type: application/json" \
     --data '{"type":"CNAME","name":"newclient","content":"wordpress-AAA-BBBB.cloudwaysapps.com","ttl":120,"proxied":true}'
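
The on-demand step described in post #5, as an added example that is not part of the original thread and not Cloudways' or Cloudflare's own code: a `wp_initialize_site` hook that POSTs a new proxied CNAME to the zone's `dns_records` endpoint, validating the subdomain label first and authenticating with a zone-scoped API token instead of the account-wide `X-Auth-Key`. Assumptions: `CF_API_TOKEN` and `CF_ZONE_ID` are hypothetical constants defined in `wp-config.php`, the function names are illustrative, and the origin hostname is the placeholder from the post.

```php
<?php
// Added example. Assumes CF_API_TOKEN and CF_ZONE_ID are defined in
// wp-config.php (hypothetical names) and that the token is limited to
// DNS edit on this single zone. CF_ORIGIN is the placeholder from the post.
const CF_ORIGIN = 'wordpress-AAA-BBBB.cloudwaysapps.com';

/** Return the subdomain label of $domain under $base, or null if unsafe. */
function cf_subdomain_label( string $domain, string $base ): ?string {
    $domain = strtolower( $domain );
    $suffix = '.' . strtolower( $base );
    if ( substr( $domain, -strlen( $suffix ) ) !== $suffix ) {
        return null; // not under the network's own domain
    }
    $label = substr( $domain, 0, -strlen( $suffix ) );
    // Exactly one DNS label: letters, digits, inner hyphens, max 63 chars.
    $ok = preg_match( '/^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\z/', $label );
    return $ok ? $label : null;
}

/** Create a proxied CNAME for a newly created Multisite site. */
function cf_add_cname_for_site( WP_Site $site ): void {
    $label = cf_subdomain_label( $site->domain, get_network()->domain );
    if ( null === $label ) {
        error_log( 'cf: refused DNS record for ' . $site->domain );
        return;
    }
    $response = wp_remote_post(
        'https://api.cloudflare.com/client/v4/zones/' . CF_ZONE_ID . '/dns_records',
        array(
            'timeout' => 10,
            'headers' => array(
                'Authorization' => 'Bearer ' . CF_API_TOKEN,
                'Content-Type'  => 'application/json',
            ),
            'body'    => wp_json_encode( array(
                'type' => 'CNAME', 'name' => $label, 'content' => CF_ORIGIN,
                'ttl'  => 120, 'proxied' => true,
            ) ),
        )
    );
    $body = is_wp_error( $response )
        ? null
        : json_decode( wp_remote_retrieve_body( $response ), true );
    if ( empty( $body['success'] ) ) {
        // Log without the token; the site exists but has no DNS record yet.
        error_log( 'cf: DNS create failed for ' . $label );
    }
}
add_action( 'wp_initialize_site', 'cf_add_cname_for_site', 20 );
```

`wp_initialize_site` requires WordPress 5.1 or later; on older installs the equivalent hook is `wpmu_new_blog`, which passes different arguments.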

#6

Cloudflare API?! I can’t believe I didn’t realize that was available…


#7

Once again, API to the rescue! Sounds like you’re good to go?
PS- LOVE the reaction gif… :slight_smile:


#8

Hmmm reaction gif embedded for me with no warning when I posted it, just now saw that it didn’t display inline. So much less impactful that way :frowning:

Anyway - yes good to go now knowing that’s an option. Thanks again for pointing it out and for the code snippet!


#9

Hi @denny and all,

I’m pleased to announce that Let’s Encrypt wildcard SSL is now available on the Cloudways platform. Here is the process with important notes. Kindly give it a read.

https://support.cloudways.com/lets-encrypt-wildcard-ssl/

Thanks!


#10

I realised very quickly that the wildcard cert is not usable with domain mapping as you cannot add other domains to the APP. This will exclude the wildcard cert’s use for most users of WP Multisite.

I was waiting for this update to see if I would stay with Cloudways, but I am now moving back to a cPanel VPS server because of the SSL issues I have encountered on Cloudways over the past year.

Pity I have such an obvious mistake in the APP :frowning: