WordPress Multisite, Domain Mapping, and Let's Encrypt SSL certs - Workaround for 100 domain limit?

(Denny) #1

We’re setting up a WPMS install that will use WPMU Dev’s domain mapping plugin to point a custom TLD to each site. Enabling SSL for each domain will be a requirement.

Cloudways can only support 1 cert per app and Let’s Encrypt certs max out at 100 domains per cert. Since we’d need SSL for www and non-www version of each domain this would max us out at 50 sites with mapped domains, which we’d blow through quite quickly.

Does anyone know of a workaround for pointing more than 50 SSL-enabled domains at a multisite install? For example if we could create dummy apps, add the domains/certs there, and somehow proxy the traffic through them to the main WPMS install?

I’m fully aware we can tackle this with Cloudflare but would prefer to avoid having to tell every customer to set up a CF account, point their DNS to it, etc. I want the streamlined nature of “Point your A record at our IP and you’re good to go.”

Ideally I’d love to have a solution that stays within Cloudways, but I’m also open to third-party addon solutions if, on the customer end, they’d only require pointing an A record at a specific IP.


(Zubair sadiq) #2

Hi there,

I’d like to inform you that you can install 100 Let’s Encrypt certificates on your multisite application. Before installation, you need to point each domain’s A record to the Cloudways server IP, then add all these domains to Additional domain and one domain to Primary domain. For an example, please check this screenshot: https://prnt.sc/iguybg

After all these steps, you need to install Let’s Encrypt certificates for all the domains added in the above screenshot. For that, please check this other screenshot: http://prntscr.com/igvix1

Now you will get Let’s Encrypt certificates for all your added domains. If any of your domains’ A records is not pointed correctly, the LE certificate will not install.

Zubair Sadiq

(Fabio Fava) #3

Definitely didn’t answer the user’s question. I would also need a way more than 100 domains per Application. Any update about that? 1.000 Domains per Application could be better, and unlimited domains per Applications would be mandatory…

(Denny) #4

I discussed this with support recently. They informed me that there’s no built-in way around the 100 domain limit. That’s a limitation of the certificates themselves, and there’s no way to install more than one certificate on any particular app.

However - they did inform me that we could create a second dummy PHP app on the server, add domains/SSL to that app, and then email support and have them symlink the dummy app to the WPMS site.

In the meantime I had reached out to ServerPilot to see if they had any support for something like this. They mentioned the same limitation applies with their setup - one certificate per app, 100 domains per certificate - but that since we have root access to our servers on their platform we can create the required dummy symlink on our end without involving support.

One other thing ServerPilot pointed out that I hadn’t considered - any time you add a domain to a certificate it has to delete the old one and reissue a new certificate for all existing domains. LE has rate limits in place for reissuance of certs for existing domains, so while not likely there’s potential to be a conflict there if you were to quickly add domains and have to keep reissuing certificates over the course of a short period of time.

With those issues in mind, I’ll be using ServerPilot for this project and, for the time being, manually set up one dummy app per domain that we add. Then SSL certs will be installed within that dummy app and will be unique to that one domain. This will keep things nice and clean, avoid rate limits, and not involve third-party support to get SSL installed on any particular domain.

At a certain level of scale this can then be automated via APIs to automatically add the app, domain, SSL cert, and symlink when someone maps a new domain in WPMS.
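
Added example (not part of any post above, and not Cloudways or ServerPilot code): a small planner that counts how many certificate issuances each mapped domain accumulates when domains share a certificate that is reissued on every add, versus one certificate per domain as in post #4. The weekly figure of 50 certificates per registered domain is an assumed Let's Encrypt limit that the thread does not state, the domain names are constructed, and all adds are assumed to fall within the same week.

```python
from collections import Counter

MAX_NAMES_PER_CERT = 100  # names per certificate, as quoted in the thread
WEEKLY_LIMIT = 50         # ASSUMPTION: issuances per registered domain per 7 days


def names_for(domain):
    """Each mapped domain needs the bare name and the www name."""
    return [domain, "www." + domain]


def shared_cert_plan(domains):
    """Pack domains into shared certificates.

    Adding a domain reissues the whole certificate, so every domain
    already in that bundle is charged one more issuance.
    """
    bundles, issuances = [[]], Counter()
    for domain in domains:
        used = sum(len(names_for(d)) for d in bundles[-1])
        if used + len(names_for(domain)) > MAX_NAMES_PER_CERT:
            bundles.append([])  # current certificate is full, start another
        bundles[-1].append(domain)
        for member in bundles[-1]:
            issuances[member] += 1
    return bundles, issuances


def per_domain_plan(domains):
    """One certificate (bare + www) per mapped domain, issued once."""
    return [[d] for d in domains], Counter({d: 1 for d in domains})


def headroom(issuances, limit=WEEKLY_LIMIT):
    """Issuances left this week for the most heavily reissued domain."""
    return limit - max(issuances.values())


if __name__ == "__main__":
    # Constructed sample: 120 customer domains mapped in one week.
    mapped = [f"customer{i}.example" for i in range(120)]
    for label, plan in (("shared", shared_cert_plan), ("per-domain", per_domain_plan)):
        bundles, issuances = plan(mapped)
        worst, count = issuances.most_common(1)[0]
        print(f"{label}: {len(bundles)} certs, worst case {worst} "
              f"issued {count}x, headroom {headroom(issuances)}")
```

With shared certificates, the first domain in a full bundle uses the entire assumed weekly allowance, leaving nothing for a retry or an emergency reissue; the per-domain layout charges each domain once.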