WordPress Multisite is a complex beast with many moving and nested parts. Sometimes that nature makes otherwise straightforward processes a bit more involved. Fortunately, installing SSL on your multisite isn't a bear, once you know what you're doing.
As explained in other articles in this section, WPMS can either be set up as a subfolder or subdomain structure. You can read more about that in WordPress Multisite: What to Consider when Getting Started.
Installing SSL on WPMS subfolders
If your WPMS is set up with a subfolder structure, you're in luck; all you need to do is enable SSL on your main domain (for example, wpms.com) and all of the sites in your network (wpms.com/site) will inherit that certificate. You can learn how to do this kind of SSL install in our guides, Installing Free SSL Certificates or Using Third Party SSL Certificate in cPanel depending on your needs.
Installing SSL on a subdomain-structured multisite, on the other hand, will require an additional step to make sure all of your sites are covered.
Enabling Lets Encrypt for WPMS subdomains
In order to get an SSL certificate installed on WPMS subdomains, we'll need to first create a "wildcard" subdomain off of the main project URL (for example, *.wpms.com). Wildcard subdomains come in handy in these types of situations, as they allow you to secure a subdomain automatically, even before it's created. When using the asterisk (*) wildcard, your SSL certificate is able to identify any combination of characters that precede the root domain as being secured, immediately resolving.
Since AutoSSL doesn't provision to wildcard certificates, we'll be using LetsEncrypt directly in cPanel.
- From your cPanel dashboard, go to the Subdomains section.
- Create your wildcard subdomain by typing an asterisk (*) in the "Subdomain" field. Click create.
- Once your wildcard is set up, go back to your cPanel dashboard and navigate to Lets Encrypt SSL.
- Find your new wildcard subdomain and click + Issue.
- On the following page, be sure to select dns-01 as your validation method and click Issue.
Enjoy your freshly certified WPMS!
Purchasing Third Party Wildcard CertificatesKeep in mind that there are scenarios in which this workflow won't be applicable, particularly for larger institutions. Sometimes, institutions will need to purchase their own wildcard certificates, whether that be because a user's institution has policies in place that require a specific SSL certificate, or if the user wants a cert that will last a full year before renewing. In that case, the user will want to follow our Using Third Party SSL Certificate in cPanel guide.
Furthermore, if you're not running your WPMS out of cPanel but, rather, our Reclaim Cloud environment, you will most likely need to purchase your wildcard cert separately from a company like InCommon, and requires additional configuration. You can read about this process in our guide Custom SSL certificates on Reclaim Cloud for WordPress Multisites.