Installing SSL for more than one domain and future others

Keywords: WordPress Multisite - AWS - How to - Secure Connections (SSL/HTTPS)
Description:
Hello,

I have installed a WordPress multisite successfully on AWS LightSail.

I need help with, please,
Installing an SSL certificate but not only for the main domain. I want to install SSL certificate also for subsites that have their own domain names.

example,
if the main domain is ‘example.com.au’ and a sub-site is now shown as ‘2nd-example.com.au’ I want them both the show https://.

I also want for a future site(s) to be with SSL cert. Those sites which doesn’t exist at the moment.

Please, help.

Thanks

Hi @yairguy,

The following guide explains how to do this:

https://docs.bitnami.com/bch/apps/wordpress-multisite/administration/use-different-ssl-certificates/

Hope it helps.

Regards,
Michiel

Hello @michiel,
thank you for the info.

I run the test as suggested in the article and I am using Approach B: Self-Contained Bitnami Installations.

I understand that I need to update the following file ( httpd-vhosts.conf):

<VirtualHost *:80>
      ServerName yourserverdomain.com
      ServerAlias *.yourserverdomain.com
      DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
      Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
  </VirtualHost>
  <VirtualHost *:443>
      ServerName yourserverdomain.com
      ServerAlias *.yourserverdomain.com
      DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
      SSLEngine on
      SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/new_server.crt"
      SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/new_server.key"
      Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
  </VirtualHost>

To look like this,

<VirtualHost *:80>
      ServerName mydomainname.com.au
      ServerAlias *.mydomainname.com.au
      DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
      Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
  </VirtualHost>
  <VirtualHost *:443>
      ServerName mydomainname.com.au
      ServerAlias *.mydomainname.com.au
      DocumentRoot "/opt/bitnami/apps/wordpress/htdocs"
      SSLEngine on
      SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/new_server.crt"
      SSLCertificateKeyFile "/opt/bitnami/apps/wordpress/conf/certs/new_server.key"
      Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
  </VirtualHost>

However, the article also says the following,
To specify a different SSL certificate for each domain, update the paths to the corresponding certificate files in the SSLCertificateFile and SSLCertificateKeyFile directives.

So two questions to help me with, please,

  1. What is the correct path mentioned in the last paragraph?
  2. I should do the following for every domain? Meaning, if I have two domains at the very end, this file httpd-vhosts.conf should have four (4) Virtual host * statements, as seen below and those should be uploaded.
<VirtualHost *:80>
      ServerName mydomainname.com.au
      ServerAlias *.mydomainname.com.au
      .....
  </VirtualHost>
  <VirtualHost *:443>
      ServerName mydomainname.com.au
      ServerAlias *.mydomainname.com.au
     ........
  </VirtualHost>
<VirtualHost *:80>
      ServerName mydomainname2.com.au
      ServerAlias *.mydomainname2.com.au
      .....
  </VirtualHost>
  <VirtualHost *:443>
      ServerName mydomainname2.com.au
      ServerAlias *.mydomainname2.com.au
     ........
  </VirtualHost>

thank you for helping,

I look forward to hearing from you,
Yair

Hi @michiel,

I just wanted to sharpen my question to you.
When talking about the path, I mean what is the file name. For example, what the ‘new_server.crt’ needs to change to? same as ‘new_server.key’

thanks, again,
Yair

Hi @yairguy,

This depends on where you place your certificates. You can place them in /opt/bitnami/apps/wordpress/conf/certs and then set the path as follows:

SSLCertificateFile "/opt/bitnami/apps/wordpress/conf/certs/your_cert.crt"

Yes, you need to add 2 virtual hosts per domain. One for HTTP and one for HTTPS.

Regards,
Michiel

Hi @michiel ,

Here is what I have done,

I generated SSL certificates with the tool bitnami provide - sudo /opt/bitnami/bncert-tool

Because this is a WP MultiSite it doesn’t do the redirections.
Put the redirections aside for the moment…

After running the tool mentioned above I went to proceed with the rest of the instructions specified.

I then looked into the /opt/bitnami/apps/wordpress/conf/certs/ path to look for the .crt and .key file but they weren’t there. A further lookup revealed that they are located at /opt/bitnami/letsencrypt/certificates/.

Meaning,
My /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf file looks like this now…

<VirtualHost *:80>
ServerName palapa.com.au
ServerAlias .palapa.com.au
DocumentRoot “/opt/bitnami/apps/wordpress/htdocs”
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule ^(.
)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"

<VirtualHost *:443>
ServerName palapa.com.au
ServerAlias .palapa.com.au
DocumentRoot “/opt/bitnami/apps/wordpress/htdocs”
SSLEngine on
SSLCertificateFile “/opt/bitnami/letsencrypt/certificates/palapa.com.au.crt”
SSLCertificateKeyFile “/opt/bitnami/letsencrypt/certificates/palapa.com.au.key”
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule ^(.
)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"
ServerName spirulinapowder.store ServerAlias *.spirulinapowder.store DocumentRoot "/opt/bitnami/apps/wordpress/htdocs" RewriteEngine On RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteRule ^(.*)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"

<VirtualHost *:443>
ServerName spirulinapowder.store
ServerAlias .spirulinapowder.store
DocumentRoot “/opt/bitnami/apps/wordpress/htdocs”
SSLEngine on
SSLCertificateFile “/opt/bitnami/letsencrypt/certificates/spirulinapowder.store.crt”
SSLCertificateKeyFile “/opt/bitnami/letsencrypt/certificates/spirulinapowder.store.key”
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule ^(.
)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"

I then proceeded to the next step, include that file in Apache’s /opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf

My bitnami-apps-vhosts.conf is now looking like this:

Bitnami applications installed in a Virtual Host

Include “/opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf”

It was then uploaded and apache was restarted as instructed.

The results:

  1. The main multisite domain palapa.com.au is working with both http and https yet still needs to be redirected to https.
    The second domain spirulinapowder.store doesn’t work - the browser says Too Many redirections.

I then removed the spirulinapowder.store section from the https-ghosts.conf, uploaded and restarted apache and the site loaded again but no https.

Hi @yairguy,

We have a Support Tool that will gather relevant information for us to analyze your configuration and logs. Could you please execute it on the machine where the stack is running by following the steps described in the guide below?

How to Run the Bitnami Support Tool in a cloud image or virtual machine

Please note that you need to paste the code ID that is shown at the end.

Regards,
Michiel

Here you go,

577667b4-a593-f622-3e5a-01243a544553

Also, all that came through,
===== Begin of bndiagnostic tool output =====

? Apache: Found possible issues
✓ Connectivity: No issues found
? Resources: Found possible issues
✓ Mysql: No issues found
✓ Php: No issues found

[Apache]

Found recent Pagespeed related error messages in the Apache error log:

[Tue May 18 08:48:16.989446 2021] [pagespeed:error] [pid 22605:tid 
140065049143040] [mod_pagespeed 1.13.35.2-0 @22605] PageSpeed Serf fetch failure 
rate extremely high; only 1 of 12 recent fetches fully successful; is fetching 
working?

We suggest disabling pagespeed and check if that improves the behavior. Please
check the following guide to disable Pagespeed:
Press [Enter] to continue:

https://docs.bitnami.com/general/apps/wordpress/administration/use-pagespe
ed/#disable-pagespeed

Found recent error or warning messages in the Apache error log.

[Mon May 17 06:11:17.628868 2021] [proxy_fcgi:error] [pid 12157:tid
140065594177280] [client 54.250.87.247:11649] AH01071: Got error ‘PHP message:
Payment gateway with handle ‘wc-payment-method-paypal’ has been deactivated
because its dependency ‘wc-blocks-registry’ is not registered. Read the docs
about registering assets for payment methods:
https://github.com/woocommerce/woocommerce-gutenberg-products-block/blob/trunk/do
cs/extensibility/payment-method-integration.md#registering-assets’
[Mon May 17 06:11:17.822822 2021] [proxy_fcgi:error] [pid 12157:tid
140066172864256] [client 54.250.87.247:11649] AH01071: Got error ‘PHP message:
Payment gateway with handle ‘wc-payment-method-paypal’ has been deactivated
because its dependency ‘wc-blocks-registry’ is not registered. Read the docs
about registering assets for payment methods:
https://github.com/woocommerce/woocommerce-gutenberg-products-block/blob/trunk/do
cs/extensibility/payment-method-integration.md#registering-assets’
[Mon May 17 09:45:12.186414 2021] [proxy_fcgi:error] [pid 12157:tid
140065577391872] (70008)Partial results are valid but processing is incomplete:
[client 178.175.94.121:56841] AH01075: Error dispatching request to : (reading
Press [Enter] to continue:
input brigade)

Please check the following guide to troubleshoot server issues:

https://docs.bitnami.com/general/apps/wordpress/troubleshooting/debug-erro
rs-apache/

[Resources]

Your instance has little available RAM memory.

 total used free shared buff/cache available Mem: 482 360 6 35 115 74 Swap: 634 
446 188

You could try to increase your instance’s memory. Please check your cloud
provider’s documentation for more information.

===== End of bndiagnostic tool output =====

Hi @yairguy,

You didn’t add the vhosts for spirulinapowder.store. Can you add them to /opt/bitnami/apps/wordpress/conf/httpd-app.conf?

Regards,
Michiel

Thank you, Michiel, but I’m not sure what you mean by that.
(https://spirulinapowder.store the connection is not private at the moment. I did add it before the last message but because the connection wasn’t private I removed it.)

Below are the two files,
The file /opt/bitnami/apps/wordpress/conf/httpd-vhosts.conf is looking like this:

<VirtualHost *:80>
ServerName palapa.com.au
ServerAlias .palapa.com.au
DocumentRoot “/opt/bitnami/apps/wordpress/htdocs”
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule ^(.
)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"

<VirtualHost *:443>
ServerName palapa.com.au
ServerAlias .palapa.com.au
DocumentRoot “/opt/bitnami/apps/wordpress/htdocs”
SSLEngine on
SSLCertificateFile “/opt/bitnami/letsencrypt/certificates/palapa.com.au.crt”
SSLCertificateKeyFile “/opt/bitnami/letsencrypt/certificates/palapa.com.au.key”
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule ^(.
)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"

<VirtualHost *:80>
ServerName spirulinapowder.store
ServerAlias .spirulinapowder.store
DocumentRoot “/opt/bitnami/apps/wordpress/htdocs”
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule ^(.
)$ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"

<VirtualHost *:443>
ServerName spirulinapowder.store
ServerAlias .spirulinapowder.store
DocumentRoot “/opt/bitnami/apps/wordpress/htdocs”
SSLEngine on
SSLCertificateFile “/opt/bitnami/letsencrypt/certificates/palapa.com.au.crt”
SSLCertificateKeyFile “/opt/bitnami/letsencrypt/certificates/palapa.com.au.key”
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www. [NC]
RewriteRule ^(.
)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

Include "/opt/bitnami/apps/wordpress/conf/httpd-app.conf"

and the file the file /opt/bitnami/apps/wordpress/conf/httpd-app.conf is looking like this:

<Directory “/opt/bitnami/apps/wordpress/htdocs”>
Options +MultiViews +FollowSymLinks
AllowOverride None
<IfVersion < 2.3 >
Order allow,deny
Allow from all

= 2.3>
Require all granted

<IfDefine USE_PHP_FPM>
   <FilesMatch \.php$>
     SetHandler "proxy:fcgi://wordpress-fpm"
   </FilesMatch>
</IfDefine>

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [S=2]

uploaded files

RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]

Include "/opt/bitnami/apps/wordpress/conf/banner.conf"

Include “/opt/bitnami/apps/wordpress/conf/htaccess.conf”

Hi @yairguy,

Could you add both vhosts, restart Apache, try to connect to the domain that isn’t working and then run the bnsupport tool? (After that you can remove it again)

Regards,
Michiel

Hi,
I’m sorry, I don’t know what you mean by “add both vhosts”

If you mean adding to the to place both domains on pt/bitnami/apps/wordpress/conf/httpd-vhosts.conf, it is already done. You can see that in my previous reply to you. Other than that I don’t really know what you mean and need you to be more specific, please.

Also, I did restart Apache like you asked and run the bnsupport tool. See below.
d200b5b4-02b4-e46a-211c-2fbc378881d7

Hi @yairguy,

I’ve checked the vhosts configuration, it seems ok. Did you configure the domains in the WordPress admin? Please check this guide:

https://docs.bitnami.com/ibm/apps/wordpress-multisite/configuration/configure-wordpress-multisite/#add-several-wordpress-multisite-blogs-with-different-domains

Regards,
Michiel

Hi @michiel,

In lightSail the DNS Zone for spirulinapowder.store contains,

  1. the name servers
  2. An A Record pointing to the Static IP (i.e. @.spirulinapowder.store to 54.253.166.122)
  3. a CNAME record (i.e. www.spirulinapowder.store maps to spirulinapowder.store)

The domain registrar of spirulinapowder.store,

  1. The nameservers are pointing to the same name servers at LightSail DNS Zone.
  2. A Record i.e. @.spirulinapowder.store at 54.253.166.122 (as of this morning).

Thanks,

Hi @yairguy,

I was referring to the domain configuration in the WordPress Admin itself. Did you check the guide I shared with you?

https://docs.bitnami.com/ibm/apps/wordpress-multisite/configuration/configure-wordpress-multisite/#add-several-wordpress-multisite-blogs-with-different-domains

Regards,
Michiel

Yes, @michiel.

Everything is in order.

Hi @yairguy,

Can you try flushing the pagespeed cache?

https://docs.bitnami.com/aws/apps/wordpress/administration/use-pagespeed/#flush-the-pagespeed-cache

Pagespeed caches the pages, so it can cause redirection issues when a domain or an IP configuration changes.

Regards,
Michiel

Hi, @michiel,

It didn’t work either.

I understand that there is a redirection loop here. However, I’m not proficient enough to find where is that loop and you, while your skills are very good, can’t do it well enough through this medium. Meaning, quicker than a single message every 24 hours and I need to move on.

Thank you for trying. It is highly appreciated.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.