Secure Sockets Layer (SSL), and the newer Transport Layer Security (TLS), is a security technology that establishes an encrypted link between servers, browsers and mail clients.

  • SSL – (Secure Sockets Layer) The standard for keeping an internet connection secure and protecting sensitive data that is being sent between two systems. It prevents hackers from seeing or changing any information being transferred.
  • TLS – (Transport Layer Security) The updated, more secure, version of SSL.
  • HTTPS – (HyperText Transfer Protocol Secure) HTTPS is what is in the URL when a website is secured by an SSL certificate. Details about the certificate can be viewed by clicking on the lock symbol next to the URL in the search bar.

All WPMU DEV sites use and enforce the https:// protocol by default. This way, all communication between the website and the client is made under a secure layer to avoid man-in-the-middle and other similar attacks.

Sites without a valid SSL are considered potentially unsafe, so WPMU DEV requires and provides SSL certificates for all sites we host.

Not Hosting with WMPU DEV?

If you haven’t set up your WPMU DEV hosting account yet, visit WPMU DEV Hosting and explore the features of our best-in-class Managed WordPress hosting, see pricing packages, and start a free trial.

4.1 Types of SSL Certificates

Copy chapter anchor to clipboard

WPMU DEV provides two types of SSL certificates at no additional cost to you:

You can also optionally provide your own Custom SSL Certificate if you need to.

4.1.1 Regular SSL Certificates

Link to chapter 1

A regular certificate is used to secure domains destined to be used on single site installs, or custom domains added to a WordPress multisite install.

When a new site is created with a temporary tempurl.host domain, or a custom domain is added to any existing site, we automatically provision and install a regular SSL certificate on it.

For most sites, SSL certificates will be applied in a matter of minutes, but the process can take hours or, in rare cases, a full day, depending on how quickly your DNS settings propagate around the world.

We renew these certificates automatically every three months.

As soon as the certificate is added to a site, we force all traffic over HTTPS only.

You can easily verify that an SSL certificate has been provisioned on your domain. In your Hub, click the Hosting tab, followed by the Domains tab.

hosting dashboard domains tab

There, you’ll see a green check mark in the SSL Status column. When you hover your mouse over the green check icon in the SSL Status column, for either the temporary tempurl.host domain or a custom domain you’ve added, you’ll see it automatically has a regular SSL certificate issued for it.

Hub 2.0 showing regular SSL certificate issued to a domain

4.1.2 Wildcard SSL Certificates

Link to chapter 1

WPMU DEV provides free wildcard SSL certificates for both subdomain and subdirectory multisite networks. This means that even if you have a subdirectory multisite, you can map subdomains to subsites in it, and have them all covered by the same wildcard certificate.

Recommended Reading

Read our blog, Free Wildcard SSL for Multisite Subdomains, for a guide to setting up Wildcard SSL Certificates on your multisite.

Note that a subdomain multisite can be developed without a wildcard certificate, but if you take the network live without one, your subdomains will show a security error when visitors attempt to access them.

Generating the wildcard certificate

To generate a free wildcard certificate, you need only add a single record to your primary domain’s DNS and then recertify the SSL.

In your Hub, click the Hosting tab, followed by the Domains tab.

hosting dashboard domains tab

When you hover your mouse over the icon for the custom domain you have added and want to use as the primary domain, you’ll see it has a regular certificate automatically provisioned. But there is a prompt there to remind you that if you want to use a wildcard certificate instead, you need to add the required CNAME record to your domain’s DNS records.

Hub 2.0 CNAME prompt for wildcard SSL certificate

Once the required CNAME has been added to the domain’s DNS, you’ll then need to click on the Recheck ACME option, in the dropdown under the three-dot icon, for the system to automatically verify the DNS and generate the wildcard certificate for your domain.

Hub 2.0 recheck acme for wildcard SSL certificate

To get the info you need to add to your domain’s DNS, scroll down to the bottom of the screen to find the site’s DNS records. Locate the CNAME (optional for wildcard SSL certificates) record, which has two parts: a hostname of _acme-challenge, followed by the actual record.

DNS info needed to enable free wildcard SSL certificate on WPMU DEV hosted multisite

The hostname and the record must be copied to your DNS. If your DNS is connected to the Hub 2.0 DNS feature, follow the guidance below to quickly update your DNS.

If your DNS is managed elsewhere, most commonly your domain registrar, then see our Registrar Guides documentation, where we have compiled DNS guidance for several popular providers. If your provider is not covered, check with your registrar for help editing your DNS.

Using WPMU DEV DNS Panel

Click the DNS tab at the top of the page to open your Domains list. Click the domain that serves as your multisite’s primary domain to view its DNS records.

dns site list

Click the Add Record button to add a new record and select the CNAME Record option.

Add new record in Hub DNS manager

Copy the Hostname value shown on the Domains tab for your site and paste it in the Hostname field for the new CNAME record in the DNS panel. Copy the Record value you see on the Domains tab and paste it in the Is an alias of field. Click the Add button to save that new CNAME record.

CNAME to enable free wildcard SSL certificate on WPMU DEV hosted multisite

Allow a few minutes for the DNS change to propagate and click the Recheck ACME option as noted above. You should then see that the custom domain now shows SSL as being secured by a wildcard certificate, and you can set it as the primary for your multisite.

Hub 2.0 showing wildcard SSL certificate issued to a domain

Now, when you load any subsite in your multisite, you’ll see that it too is secured by the main domain’s SSL certificate. In other words, all of these would now be secured by the same wildcard SSL certificate in either a subdomain-based or subdirectory-based multisite:

mainsite.tld
subsite.mainsite.tld
mainsite.tld/subsite

4.1.3 Custom SSL Certificates

Link to chapter 1

WPMU DEV also allows you to add your own custom SSL certificate to your site if you wish. This must be done by our hosting support team though, as there is currently no user interface for this.

To get this done, you will first need to submit a Certificate Signing Request (CSR) to a Certificate Authority.

Certificate providers, typically, have tools or will assist with generating the CSR. Alternatively, you can use a free service like csrgenerator.com. When you obtain the CSR, be sure to save a copy of the Private Key.

Use the CSR to purchase the SSL certificate, which will provide you with the following required information:

  • Private Key (created during CSR process)
  • Certificate
  • Certificate chain

Your SSL provider should be able to provide you with those if they create a CSR using their interface.

You can start a live chat or create a support ticket to provide us with the information.

4.2 FAQs, Errors & Troubleshooting

Copy chapter anchor to clipboard

Are the SSL certificates you provide free?

Yes they are. We provision SSL certificates from Let’s Encrypt at no cost to you.

How much time does it take for an SSL certificate to be installed?

For most sites, SSL certificates will be applied in a matter of minutes, but the process can take hours or, in rare cases, a full day, depending on how quickly your DNS settings propagate around the world.

Do I need to renew SSL certificates manually?

No, we take care of that for you. As long as your site or domain exists on WPMU DEV hosting, we renew the Let’s Encrypt certificates automatically every 3 months.

Do I need to use custom SSL when using e-commerce?

No you do not. WPMU DEV has you covered as we provision SSL certificates automatically on every site we host. However, you are free to submit a support request for our hosting team to install a custom SSL certificate should you so wish.

SSL is installed, but I don’t see a padlock. Why?

That can be due to any of the following reasons. See the corresponding FAQs below.

DNS looks good to us, but has not yet propagated across the internet.

The DNS for your domain has not yet fully propagated, so the SSL certificate can not yet be provisioned.

In this case, you would see a yellow icon in the SSL Status column for the domain in your Hub or Hub Client with the following message in a tooltip: DNS looks good to us, but has not yet propagated across the internet.

DNS not yet propagated message in the Hub

Our system will check again within the hour and provision the SSL certificate automatically once DNS has fully propagated. So you need only wait until that occurs. See How much time does it take for an SSL certificate to be installed above for more info.

SSL Disabled. Too many failed attempts.

SSL provisioning has been disabled on the domain temporarily due to too many successive attempts to enable it.

In this case, you would see the following error message under the SSL Status column in your Hub or Hub Client: SSL Disabled. Too many failed attempts.

SSL disabled message in the Hub

This can happen if the DNS records are incorrect or, in rare cases, if Let’s Encrypt has rate-limited requests for your domain, or if the IP of your site has been blocked by them.

You’d want to double-check that the DNS records (A, AAAA, CNAME) that you’ve set up at your domain registrar are correct and that they have fully propagated. You can use a free online tool like dnschecker.org for that.

If you still get the SSL Disabled message after confirming DNS is all good, please contact support so our hosting team can investigate and fix things up for you.