WordPress Multisite, Domain Mapping, and Let's Encrypt SSL certs - Workaround for 100 domain limit?

We’re setting up a WPMS install that will use WPMU Dev’s domain mapping plugin to point a custom TLD to each site. Enabling SSL for each domain will be a requirement.

Cloudways can only support 1 cert per app and Let’s Encrypt certs max out at 100 domains per cert. Since we’d need SSL for www and non-www version of each domain this would max us out at 50 sites with mapped domains, which we’d blow through quite quickly.

Does anyone know of a workaround for pointing more than 50 SSL-enabled domains at a multisite install? For example if we could create dummy apps, add the domains/certs there, and somehow proxy the traffic through them to the main WPMS install?

I’m fully aware we can tackle with Cloudflare but would prefer to avoid having to tell every customer to set up a CF account, point their DNS to it, etc. I want the streamlined nature of “Point your A record at our IP and you’re good to go.”

Ideally I’d love to have a solution that stays within Cloudways, but I’m also open to third-party addon solutions if, on the customer end, they’d only require pointing an A record at a specific IP.


1 Like

Hi there,

I’d like to inform you here, you can install 100 Lets Encrypt certificates on your multisite application. But before installation you need to point each domain’s A records to cloudways server IP and then add all these domains to Additional domain and one domain to Primary domain and for example please check this screenshot https://prnt.sc/iguybg

After these all steps now you need to install Lets Encrypt certificates for all the domains which added in above screenshot and for that please check this another screenshot http://prntscr.com/igvix1

Now you will get Lets Encrypt certificates for all your added domains and if any of your domain A records is not pointed correctly then LE certificate will not install.

Zubair Sadiq

Definitely didn’t answer the user’s question. I would also need a way more than 100 domains per Application. Any update abou that? 1.000 Domains per Application could be better, and unlimited domains per Applications would be mandatory…

I discussed this with support recently. They informed me that there’s no built-in way around the 100 domain limit. That’s a limitation of the certificates themselves, and there’s no way to install more than one certificate on any particular app.

However - they did inform me that we could create a second dummy PHP app on the server, add domains/SSL to that app, and then email support and have them symlink the dummy app to the WPMS site.

In the mean time I had reached out to ServerPilot to see if they had any support for something like this. They mentioned the same limitation applies with their setup - one certificate per app, 100 domains per certificate - but that since we have root access to our servers on their platform we can create the required dummy symlink on our end without involving support.

One other thing ServerPilot pointed out that I hadn’t considered - any time you add a domain to a certificate it has to delete the old one and reissue a new certificate for all existing domains. LE has rate limits in place for reissuance of certs for existing domains, so while not likely there’s potential to be a conflict there if you were to quickly add domains and have to keep reissuing certificates over the course of a short period of time.

With those issues in mind, I’ll be using ServerPilot for this project and, for the time being, manually set up one dummy app per domain that we add. Then SSL certs will be installed within that dummy app and will be unique to that one domain. This will keep things nice and clean, avoid rate limits, and not involve third-party support to get SSL installed on any particular domain.

At a certain level of scale this can then be automated via APIs to automatically add the app, domain, SSL cert, and symlink when someone maps a new domain in WPMS.

1 Like

Hey Denny, I was wondering how this method using Server Pilots symlink has treated you? Is it working out?

I’m facing a similar problem.

Thanks in advance!


Yes - so far so good!

I haven’t automated anything via the API yet, just manually adding the domains and symlinks.

Here’s how to create the symlink.

  1. First create your dummy app (the one that will house the new domain/SSL)

  2. Connect to SSH as serverpilot user and run these commands:

    rm ~/apps/dummyapp/public
    ln -s ~/apps/mainapp/public ~/apps/dummyapp/public

Let me know if you run into any issues.

1 Like

That’s good to hear!

Are there any limitations on the ServerPilot side? e.g. App limit?

Thanks for the detailed instructions.


No limitations that I’m aware of. Seeverpilot said no app limit. They have very responsive support team though if you have specific questions beyond that.

Hi Denny, I found your post here because we are in the exact same boat currently. It’s been since your last post, and I wanted to check in to see if you still stand by the decision to go with Serverpilot and symlink the domains via SSH?

Thanks in advance.

Yes this is still how we’re handling to this day. I have not circled back with CW support to see if anything’s improved on their end, but ServerPilot has worked pretty seamlessly for my needs thus far.

That’s great to hear!

I have just one more question - have you considered creating one new app (in Serverpilot) per 100 domains? As opposed to an app per domain.

This way we only need to symlink one app per 100 domains instead of once per domain. I suppose the only issue would be finding which app a domain is under should you need to do something with it, but I imagine this would work and save on the “per app” charge that Serverpilot has recently implemented as well.

What do you think?

Yes I have a buddy who does that - just fires up a new app when he hits the domain limit.

I’m on a grandfathered plan where per-app charges don’t exist, so I decided I’d rather have each app map to a subsite within WPMU for reasons you expressed above (making it easy to find the domain/customer if there are issues with SSL propgation, etc).

Each app is named by the site ID and then primary domain name (or whatever piece of the domain will fit into the 30 character app name limit):


1 Like

Thanks Denny, much appreciated!