Automatically apply Let's Encrypt cert to new subdomain in multisite

To automatically apply a Let's Encrypt certificate to new subdomains in a multisite WordPress installation, you can use a combination of plugins and configuration files. Here's a step-by-step guide:

Prerequisites:

  1. You have a multisite WordPress installation with subdomains (e.g., example.com, sub1.example.com, sub2.example.com, etc.).
  2. You have Let's Encrypt installed and configured on your server (e.g., using Certbot).
  3. You have the wp-letsencrypt plugin installed and activated on your multisite WordPress installation.

Step 1: Configure wp-letsencrypt

In your wp-config.php file, add the following code to enable Let's Encrypt for your multisite installation:

define('WP_LETSENCRYPT multisite', true);

Step 2: Create a custom function to generate certificates for new subdomains

Create a new file in your wp-content/mu-plugins directory (e.g., letsencrypt-subdomain.php) and add the following code:

<?php
function letsencrypt_subdomain_certificates() {
    // WP_LETSENCRYPT_Client is the class name used in this guide; stop if it is not loaded
    if (!class_exists('WP_LETSENCRYPT_Client')) {
        return;
    }

    // Get all sites in the network ('number' => 0 lifts the default limit of 100)
    $subdomains = get_sites(array('network_id' => 1, 'number' => 0));

    // Loop through each subdomain
    foreach ($subdomains as $subdomain) {
        // Get the subdomain's hostname (e.g. sub1.example.com);
        // network_site_url() would treat it as a path on the main site
        $domain = $subdomain->domain;

        // Check if the subdomain has a certificate (stored as a network-wide option)
        $cert = get_site_option("letsencrypt_{$domain}_cert");

        // If the subdomain doesn't have a certificate, generate one
        if (!$cert) {
            // Get the Let's Encrypt client
            $client = new WP_LETSENCRYPT_Client();

            // Generate the certificate
            $cert = $client->getCertificate($domain);

            // Save the certificate
            update_site_option("letsencrypt_{$domain}_cert", $cert);
        }
    }
}
// wpmu_activate_blog fires when a signup that includes a new site is activated
add_action('wpmu_activate_blog', 'letsencrypt_subdomain_certificates');

This function loops through each subdomain, checks if it has a certificate, and generates one if it doesn't. The wpmu_activate_blog action hook is used to run this function when a new subdomain is created.

Step 3: Configure Certbot to use the custom function

In your certbot configuration file (usually certbot.conf or certbot.ini), add the following lines:

[letsencrypt]
certbot_command = /usr/bin/certbot
certbot_args = --agree-tos --email admin@example.com --non-interactive --expand -d example.com,sub1.example.com,sub2.example.com

Replace example.com, sub1.example.com, and sub2.example.com with your actual subdomains, and admin@example.com with your own e-mail address.

Step 4: Run Certbot

Run the following command to generate certificates for all subdomains:

certbot certonly --webroot --webroot-path=/var/www/html --email admin@example.com --agree-tos --non-interactive --expand -d example.com,sub1.example.com,sub2.example.com

This command will generate certificates for all subdomains and save them in the wp-content/letsencrypt directory.

Step 5: Configure WordPress to use the certificates

In your wp-config.php file, add the following code to enable SSL for all subdomains:

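// Force HTTPS for the admin area and login pages
define('FORCE_SSL_ADMIN', true);
// Deprecated constant; FORCE_SSL_ADMIN already covers the login page
define('FORCE_SSL_LOGIN', true);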

This will enable SSL for all subdomains and ensure that all requests are served over HTTPS.

That's it! With these steps, you should now have Let's Encrypt certificates automatically applied to new subdomains in your multisite WordPress installation.
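
The -d list in Steps 3 and 4 has to grow with the network, and its entries come from the sites table, so each hostname should be checked before it reaches the Certbot command line. The following is an added example, not part of the original guide or of any plugin: the function name build_domain_arg and the sample hostnames are made up for illustration, and the Certbot command is only printed, not run.

```shell
#!/bin/sh
# Added example (not from the guide): build the value for certbot's -d option
# from a list of multisite hostnames, one per line on stdin.

# Constructed sample input: what a network's site list might contain.
sample_sites() {
    printf '%s\n' \
        'example.com' 'sub1.example.com' 'SUB2.example.com' 'sub1.example.com' \
        'other.example.org' '-x.example.com' 'sub 4.example.com' 'sub_5.example.com'
}

# build_domain_arg PARENT: prints PARENT followed by every valid, unique
# subdomain of PARENT, comma-separated. Rejected lines are reported on stderr.
build_domain_arg() {
    parent=$1
    list=$parent
    while IFS= read -r host || [ -n "$host" ]; do
        host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
        if [ -z "$host" ] || [ "$host" = "$parent" ]; then continue; fi
        # Must sit under the parent domain.
        case $host in
            *."$parent") ;;
            *) echo "skipped, outside $parent: $host" >&2; continue ;;
        esac
        # Labels: letters, digits, hyphens; no leading/trailing hyphen; 1-63 chars.
        if ! printf '%s\n' "$host" | grep -Eq \
            '^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$'
        then
            echo "skipped, not a valid hostname: $host" >&2; continue
        fi
        # Drop duplicates.
        case ",$list," in
            *,"$host",*) continue ;;
        esac
        list="$list,$host"
    done
    printf '%s\n' "$list"
}

domains=$(sample_sites | build_domain_arg example.com)
# Print the Step 4 command instead of running it.
echo "certbot certonly --webroot --webroot-path=/var/www/html --non-interactive --expand -d $domains"
```

A name that starts with a hyphen or contains a space is dropped here because it would otherwise be read by the shell or by Certbot as a separate option or argument.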