SSL certificates, oh SSL certificates. Where to begin? These little certificates help hold the big web securely together to protect websites. But they are finicky. Reclaim Hosting uses Let’s Encrypt across our infrastructure and using it on Reclaim Cloud was a no-brainer. Jelastic partners with Let’s Encrypt to bring SSL certificates as an addon to most environments.
This article will walk you through working with the Let's Encrypt Addon but will also show you how to bring in a third-party certificate and things to work through setting up your WordPress Multisite to use the proper SSL Certificate.
Let’s Encrypt Addon
You can provision an SSL certificate for free through Let's Encrypt if you'd like. Most users typically run through this option. Sometimes though, the SSL certificate doesn’t provision properly. If that's the case, you can add your custom URL to the Let’s Encrypt add-on. So while your URL is active and online, Let’s Encrypt will need a “refresher” to issue the certificate to that particular URL.
If the URL is not listed you can add it to the external domains section and apply the setting. You will need to update the SSL certificate from here.
Custom SSL
The next option through Reclaim Cloud for SSL is a custom SSL certificate. You can purchase the SSL certificate from an external company and work with that with your environment. The SSL documentation on Jelastic is helpful in this capacity.
The custom SSL certificate needs 3 items to implement, a server key, intermediate certificate, and the domain certificate.
First, you need to generate the certificate signing request (CSR). This is done through a program like OpenSSL and it runs through the WebSSH feature for the environment. Once you have the CSR, you'll receive a server key. The server key is uploaded to our environment, then send to the user the CSR.
Then the user will use the CSR to generate the Intermediate Certificate and finally the Domain Certificate. The Intermediate Certificate is used with the provisioning company to ensure they’re verified to issue the SSL certificate to Reclaim and to the user. These are then sent back to Reclaim to upload to the environment.
Once all 3 items are in place, you can issue the SSL certificate for the environment. We did run into the issue where we needed to reissue the Let’s Encrypt plugin to cover the main URL on the WPMS from there.
WordPress Multisite
If you're working with a WordPress multisite on Reclaim Cloud, you'll want to pay attention to the type of Multisite you're working with. Is this a subdirectory (domainname.com/subdirectory) or a subdomain (subsite.domainname.com) WordPress install?
Subdirectory Install
If you're working with a subdirectory Multisite, then you can follow the steps listed above with no problem! The SSL certificate will cover all URLs that fall under the main domainname.com portion.
Subdomain Install
For a subdomain WordPress Multisite installation, you'll still want to complete the steps listed above, but you'll want to take note of the URLs listed above as you'll need to add those to the Let's Encrypt add-on to ensure they're covered.
If the multisite is a large instance, you'll want to opt for a Wildcard SSL certificate. This will cover all subdomains created within the multisite. You'll need to purchase this with a third party, then follow the Custom SSL steps listed above.
There is an additional step you'll need to do within your environment however. The custom SSL steps wil upload the necessary files within the server, but in order for them to take hold, you will need to ensure that the configuration files are set to locate the particular certificate.
It should look something like this:
Once those configuration files are set, you'll want to add the Let's Encrypt SSL certificate to the main URL and you're good to go!
--
Typically SSL certificates can last 3 months when working with Let’s Encrypt, or 1 year+ when working with another company. Let’s Encrypt renews automatically while the third party certificate will need to be updated manually.