WordPress Multisite with Wildcard DNS and/or SSL on Dreamhost

Although Dreamhost supports Wildcard DNS, they don’t support Wildcard SSL (except on DreamCompute), so WordPress Multisite with wildcard subdomains may not be the best choice.

TL;DR

  1. Dreamhost & Wildcard DNS
  2. Setting up WordPress Multisite
  3. I suggest not using Wildcard DNS with Multisite subdomains – and show how to get SSL on Multisite by registering each subdomain first

Years ago, I had Dreamhost set up Wildcard DNS for me, but it frustrated me that I could never get secure HTTPS connections for the subdomains.

Turns out many people have also had issues with this. And although I still don’t have a Wildcard SSL certificate solution that works, I have found a work-around that will suit my present situation. 

Note

This work-around basically nullifies my Wildcard DNS because I have to register each subdomain individually from the Dreamhost Panel.

In any case, this is the setup I currently have and Dreamhost’s position on each:

  1. Wildcard DNS on Dreamhost
  2. WordPress Multisite (read this Before creating a Network)
  3. SSL on those Multisite subdomains
    • Not supported by Dreamhost unless using DreamCompute (requires additional configuration)

#1 Setup Wildcard DNS

Two simple steps:

  1. Upgrade your hosting plan to VPS or a Dedicated server
  2. Contact Dreamhost Support to set up Wildcard DNS for you

#2 Setup WordPress Multisite

First, ask yourself if you REALLY need a Multisite installation, and if so, how many subdomains you expect to need. In fact, it’s actually an easier option to opt for subfolders rather than subdomains for your extra sites as this would make your SSL and Wildcard DNS problems virtually disappear.

With subfolders

  • SSL would load from the root domain
  • You wouldn’t need to create additional subdomains at all

Second, ask yourself if you REALLY need Wildcard DNS. As noted above and below, Dreamhost doesn’t support Wildcard SSL certificates.

If you really need Wildcard DNS and Wildcard SSL 

  1. Consider moving to DreamCompute – which does support this (with additional configuration on your part)
  2. Plan to get your hands dirty doing this all on your own
  3. Consider moving to a hosting provider that supports this configuration
  4. Reconsider Wildcard SSL altogether and just accept that you’ll be registering subdomains through the Panel and getting Let’s Encrypt certificates for each one (as outlined below)

Articles to Read for Setting up Multisite

#3 Get SSL on your subdomains

Non-Wildcard SSL

The simplest way to get SSL on a subdomain is not to use wildcard subdomains in the first place. 

One of the most compelling reasons to use Multisite with Wildcard DNS is if you want to allow the creation of multiple subdomains without registering them through your Panel first. This would enable you to, for example, allow users on your website to create their own subdomain blogs within your larger site when they register or subscribe to your site’s membership plan. (This is the reason I’d originally wanted Wildcard DNS.)

But, the problem with hosting such a site on Dreamhost is that they don’t support Wildcard SSL certificates, so every site created through WordPress Multisite will say it’s “insecure” even if you load it over HTTPS (and Google Chrome will also put up a blocker alerting you of the fact).

Main idea

Don’t employ Multisite to (initially) create subdomains.

I tried the following methods to get SSL on my subdomains and each failed:

  1. Create a new subdomain (v2012.site.com) via Multisite
    • The subdomain does not use the main site’s SSL
  2. Register that same Multisite-created subdomain through the Dreamhost panel and “mirror” the site to the root site. Then get an SSL certificate for the “mirrored” domain (v2012.site.com)
    • “Mirroring” basically says “set up the exact same site at both locations and use the same SSL” – so again, only the main site’s SSL will work
  3. Change the “mirrored” site to “redirect”
    • This bypasses the subdomain altogether and maps all traffic from the subdomain directly to the main site (site.com)

Finally, after much trial-and-error, I stumbled upon Ian Dunn’s article that provides the solution.

Solution

Setup your subdomains as “Fully hosted”, but set the web root (Web Directory) to the same directory as the root domain. (And re-save SSL settings if applicable.)

Be sure to also now get yourself a FREE Let’s Encrypt SSL certificate before you save these Settings (click HTTPS under the Web Options section).

(Re)create the Site through WP Multisite

The problem with doing things this way is that now you’re no longer really taking advantage of your Wildcard DNS. And actually, just creating a subdomain through the Dreamhost Panel won’t set up WordPress Multisite to run on the subdomain.

So, the next step is to go back into your Multisite installation at the root of your domain and create (or delete and recreate) your subdomain Site.

Re-saving SSL settings

Now, if the (new) site still isn’t loading HTTPS securely, there are two possibilities for this:

  1. You didn’t wait long enough for the Let’s Encrypt certificate to take effect (in that case, refresh the page in 5-10 minutes and check again)
  2. You may need to re-save your SSL settings (as Ian Dunn outlines)

To re-save your SSL settings, click the https On link in the center of your Domain Registration listing table under the Manage Domains menu item.

On the next screen, check the box marked Copy non-secure settings and Save it.

Force HTTPS

There’s one more thing to be sure of – that HTTPS is always loaded regardless or whether or not an HTTP or HTTPS URL is accessed. You can do this with the following code inserted into the top of your .htaccess file in the root of your Multisite installation directory:

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>