Wildcard SSL setup for a WP multisite with subdomains and custom domains

We have an AWS Lightsail WP multisite setup with several sites (currently testing with 3 sites, but planning to scale this to hundreds or thousands). Some of the sites are on subdomains of our main site’s domain and some of the sites are using custom domains.

We need all the sites to be on HTTPS and ideally we need a quick & seamless way to add additional certificates whenever we add a new custom domain.

We tried bncert-tool, but we’re faced with several issues:

  1. Most importantly, it doesn’t work for subdomains of our main domain. Is there a way to use it to set up a wildcard SSL?
  2. Every time we run the tool we need to list all the domains. Is there no better way, e.g. to just append the new domains?
  3. This causes 10-20 seconds of downtime (which might increase as we add more domains?). Is there no way to avoid it or at least minimize it?

Hi @matic.mj,

Wildcard certificates and appending new domains are currently not supported, but it does support issuing all domains at once.

Unfortunately not. Though the bncert tool minimizes the downtime, it does require Apache to be stopped for the domain verification. For large quantities of domains the downtime will increase, as all domains need to be verified.

Thanks a lot for your answer @michiel! Can you recommend what would be a better solution for us then? I’m not very familiar with SSL, so I’m lacking some knowledge about what’s possible.

Is it better for us to follow a more manual process, such as the one described in this AWS doc? We’ve done this in the past and it supports wildcard domains. It would also let us add just one domain at a time when we need to. But manually renewing the certificates will be a pain.

Or is it better to get some paid certificate maybe, if that helps at all?

Hi @matic.mj,

As @michiel mentioned, wildcards are not supported in our tool but you can follow our alternative approach to configure the SSL certificates in your instance.

However, to use wildcards, you will need to use the DNS validation when running the lego tool, as the official Let’s Encrypt documentation explains.

Please note that the Lightsail documentation is not maintained by us, and we don’t know if you will find any problems when following it.

Let us know if you have any questions.
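To sort out which of the two certificate paths discussed above each site needs, here is an added Python example (not from the thread and not Bitnami's own code): it applies the browser wildcard rule, under which `*.example.com` matches exactly one label (so neither the apex nor deeper subdomains), splits the sites into wildcard-covered and custom-domain groups, and builds the matching lego invocations. It assumes the lego CLI (`--dns`, `--http`, `--domains`, `--email`, `--accept-tos`) with the Route 53 DNS-01 provider; the hostnames are constructed samples.

```python
import re

# One or more labels of 1-63 chars, no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?!-)[a-z0-9-]{1,63}(?<!-)(\.(?!-)[a-z0-9-]{1,63}(?<!-))+$")


def wildcard_covers(wildcard: str, host: str) -> bool:
    """True if a SAN such as '*.example.com' matches host.

    RFC 6125 rule applied by browsers: '*' stands for exactly one
    DNS label, so 'blog.example.com' matches, while 'example.com'
    (apex) and 'shop.blog.example.com' (two labels) do not.
    """
    host = host.lower()
    if not wildcard.startswith("*."):
        return wildcard.lower() == host
    suffix = wildcard[1:].lower()  # ".example.com"
    if not host.endswith(suffix):
        return False
    prefix = host[: -len(suffix)]
    return prefix != "" and "." not in prefix


def plan_certificates(main_domain, sites, email, dns_provider="route53"):
    """Split multisite hostnames into wildcard-covered vs custom domains
    and return the lego commands needed for each group (assumed flags)."""
    main_domain = main_domain.lower()
    wildcard = "*." + main_domain
    covered, custom = [], []
    for site in sites:
        site = site.lower()
        if not HOSTNAME_RE.match(site):
            raise ValueError(f"not a valid hostname: {site}")
        # The apex is NOT matched by the wildcard; add it as its own SAN.
        if site == main_domain or wildcard_covers(wildcard, site):
            covered.append(site)
        else:
            custom.append(site)
    # Wildcard + apex in one cert: DNS-01 challenge, no Apache stop needed.
    commands = [f"lego --email {email} --dns {dns_provider} "
                f"--domains {main_domain} --domains '{wildcard}' --accept-tos run"]
    # Each custom domain gets its own HTTP-01 cert, issued independently.
    for host in custom:
        commands.append(
            f"lego --email {email} --http --domains {host} --accept-tos run")
    return {"wildcard_sans": [main_domain, wildcard],
            "covered": covered, "custom": custom, "commands": commands}
```

Deeper subdomains such as `shop.blog.example.com` fall into the custom group on purpose: a single-level wildcard does not cover them, which is the usual surprise when a multisite grows.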

Thanks all for the help. In the end we decided to follow the above-mentioned AWS guidelines, since those were more specific to our use case. Seems to work well for now.

I just went through this article: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/#alternative-approach and it looks like it’s Unix commands.

I’d like to find out if there is an article for Windows.

Hi @thabisobux,

You can find a similar thread in this community forum; can you take a look at it?

If you have any questions, could you please create a new topic in this community forum? This way our team can evaluate your configuration and help you to generate the certificates.

We have updated our guide at https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/ with information about this point.