Wordpress multisite ssl

Getting SSL working on word press multisites (WPMU) with domain mapping.

Took me a while to work this out on vestacp and is the same on Hestia, but thought i would post it here to help others out.

Setup wordpress multisite and domain mapping using latest wordpress guides no domain mapping plugins.

Multisite installed - yes
In main dashboard go to sites, add sites with default settings - yes
Ensure wordpress is set to use https - yes

Wordpress multisite works best on dedicated IP so ensure your parent WPMU site is on one.

Previously i had created the child WPMU site as a normal domain on shared IP and changed the dns record for web to point at parent WPMU site dedicated IP.

After much hassle I read that creating an alias in main WPMU site in vestacp would work for ssl on all WPMU child domains.

If you already have created the child domain as normal domain you will need to delete it, make sure you backup any data you need such as mail.

In HestiaCP your WPMU parent site edit

Web>Domain>Edit Web Domain

in the alias section put


(note have not yet tried creating the www aliases for parent and child domains)

Now enable ssl
Enable SSL for this domain
Use Lets Encrypt to obtain SSL certificate
Enable automatic HTTP-to-HTTPS redirection
Enable HTTP Strict Transport Security (HSTS)


This may take a while.

If you get any error try creating the aliases first, then enable SSL

Back to wordpress main dashboard > sites

Select child site
Info Tab
Site Address (URL) - https://childdomain1.com

Settings Tab
Siteurl - https://childdomain1.com
Home - https://childdomain1.com


Check main WPMU site and view certificate details, you should see the aliases for mapped sites there.

the only issue i have setting up WPMU with domain mapping and not using domain mapping plugin (deceased) is not being logged into all child sites as superadmin.

If want email on the WPMU child domain you will have to create a mail domain in HestiaCP, as it is not created when you add aliases to primary WPMU domain.

hope this helps

I’m in this these days

If I create the network, I add the aliases and create ssl works

If I then want to add new domains (aliases) there is no way that letsencrypt will generate ssl for those new aliases.

for example if I want to add new domains to the multisite network

The current way is to disable ssl and reenable it, then it will generate a new certificate including the new aliases.


When deactivating and activating ssl it did not work.

My mistake was to put a wildcard domain[dot]com , *.domain[dot]com , domain1[dot]com , domain2[dot]com

In this situation (wildcard so that they have ssl the subdomains) it didn’t work for me.

The simple solution has been to remove the wildcard.

When deactivating and activating ssl now if all the domains with ssl work

1 Like