Automatically apply Let's Encrypt cert to new subdomain in multisite
To automatically apply a Let's Encrypt certificate to new subdomains in a multisite WordPress installation, you can use a combination of plugins and configuration files. Here's a step-by-step guide:
Prerequisites:
- You have a multisite WordPress installation with subdomains (e.g., example.com, sub1.example.com, sub2.example.com, etc.).
- You have Let's Encrypt installed and configured on your server (e.g., using Certbot).
- You have the wp-letsencrypt plugin installed and activated on your multisite WordPress installation.
Step 1: Configure wp-letsencrypt
In your wp-config.php file, add the following code to enable Let's Encrypt for your multisite installation:
define('WP_LETSENCRYPT multisite', true);
Step 2: Create a custom function to generate certificates for new subdomains
Create a new file in your wp-content/mu-plugins directory (e.g., letsencrypt-subdomain.php) and add the following code:
<?php
// Request a certificate for every site in the network that does not have one yet.
function letsencrypt_subdomain_certificates() {
    // WP_LETSENCRYPT_Client is the class name used in this guide; do nothing if it is not loaded
    if (!class_exists('WP_LETSENCRYPT_Client')) {
        return;
    }
    // Get all subdomains
    $subdomains = get_sites(array('network_id' => 1, 'blog_id' => 0));
    // Loop through each subdomain
    foreach ($subdomains as $subdomain) {
        // Use the site's hostname directly; network_site_url() expects a path, not a domain
        $domain = $subdomain->domain;
        // Check if the subdomain has a certificate
        $cert = get_option("letsencrypt_{$domain}_cert");
        // If the subdomain doesn't have a certificate, generate one
        if (!$cert) {
            // Get the Let's Encrypt client
            $client = new WP_LETSENCRYPT_Client();
            // Generate the certificate
            $cert = $client->getCertificate($domain);
            // Save the certificate
            update_option("letsencrypt_{$domain}_cert", $cert);
        }
    }
}
// Run the check whenever a new site is activated
add_action('wpmu_activate_blog', 'letsencrypt_subdomain_certificates');
This function loops through each subdomain, checks if it has a certificate, and generates one if it doesn't. The wpmu_activate_blog action hook is used to run this function when a new subdomain is created.
Step 3: Configure Certbot to use the custom function
In your certbot configuration file (usually certbot.conf or certbot.ini), add the following lines:
[letsencrypt]
certbot_command = /usr/bin/certbot
certbot_args = --agree-tos --email [email protected] --non-interactive --expand -d example.com,sub1.example.com,sub2.example.com
Replace example.com, sub1.example.com, and sub2.example.com with your actual subdomains.
Step 4: Run Certbot
Run the following command to generate certificates for all subdomains:
certbot certonly --webroot --webroot-path=/var/www/html --email [email protected] --agree-tos --non-interactive --expand -d example.com,sub1.example.com,sub2.example.com
This command will generate certificates for all subdomains and save them in the wp-content/letsencrypt directory.
Step 5: Configure WordPress to use the certificates
In your wp-config.php file, add the following code to enable SSL for all subdomains:
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
This will enable SSL for all subdomains and ensure that all requests are served over HTTPS.
That's it! With these steps, you should now have Let's Encrypt certificates automatically applied to new subdomains in your multisite WordPress installation.
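The domain list passed to certbot in Steps 3 and 4 ends up on a command line, so each site domain should be checked before it is used. The script below is an added example, not code from the original guide or from the wp-letsencrypt plugin; it accepts only hostnames under the network's base domain and builds the -d list from them. BASE_DOMAIN, WEBROOT, CERT_EMAIL and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. BASE_DOMAIN, WEBROOT and
# CERT_EMAIL are placeholder assumptions; replace them with your own values.
LC_ALL=C; export LC_ALL
BASE_DOMAIN="example.com"
WEBROOT="/var/www/html"
CERT_EMAIL="admin@example.com"

# Succeeds only for BASE_DOMAIN itself or a well-formed hostname beneath it.
is_valid_site_domain() {
    case "$1" in
        ''|*[!a-z0-9.-]*) return 1 ;;            # empty, or a char outside [a-z0-9.-]
        -*|*-|.*|*.|*..*|*.-*|*-.*) return 1 ;;  # empty label, or label edged by '-'
    esac
    case "$1" in
        "$BASE_DOMAIN"|*".$BASE_DOMAIN") return 0 ;;
    esac
    return 1
}

# Reads one hostname per line on stdin; prints the accepted names, lowercased
# and de-duplicated, as the comma-separated list that certbot's -d expects.
build_domain_list() {
    list=""
    while IFS= read -r host || [ -n "$host" ]; do
        host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
        if ! is_valid_site_domain "$host"; then
            printf 'rejected site domain: %s\n' "$host" >&2
            continue
        fi
        case ",$list," in *",$host,"*) continue ;; esac
        list="${list:+$list,}$host"
    done
    printf '%s' "$list"
}

# Requests one certificate for every accepted name, using the flags from Step 4.
request_certificate() {
    domains=$(build_domain_list)
    [ -n "$domains" ] || { echo "no valid site domains on stdin" >&2; return 1; }
    certbot certonly --webroot --webroot-path="$WEBROOT" --email "$CERT_EMAIL" \
        --agree-tos --non-interactive --expand -d "$domains"
}

# Run as: <command that lists site domains> | sh this-script.sh --run
if [ "${1:-}" = "--run" ]; then
    request_certificate
fi
```

With WP-CLI installed, wp site list --field=domain is one way to produce the input. Rejected names are reported on stderr, so a malformed or foreign domain is visible in cron or deploy logs instead of silently reaching certbot.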