WordPress Multi-Site SSL setup on NGINX using Let’s Encrypt

The folllowing tutorial is based off my recent experience setting up a LEMP stack on an Ubuntu installation hosted by Digital Ocean.

Setting up a Multi-Site SSL isn’t difficult. The “gotchas” is in your server block’s .conf file. Before we get to that part, set up your Digital Ocean Droplet before installing WordPress with the following steps:

  1. Initial Server Setup with Ubuntu 16.04
  2. How To Install Linux, Nginx, MySQL, PHP (LEMP stack) in Ubuntu 16.04
  3. How To Secure Nginx with Let’s Encrypt on Ubuntu 16.04
  4. How To Set Up Nginx Server Blocks (Virtual Hosts) on Ubuntu 16.04
  5. WordPress Multi-Site NGINX server block configuration
  6. How To Install WordPress with LEMP on Ubuntu 16.04

Adding domains to your Multi-Site setup

Let’s define some terms before we continue with this tutorial:

  1. “primary-domain.com” = WordPress Multi-Site setup
  2. “satellite-domain-one.com” = 1st child site created under primary-domain.com
  3.  “satellite-domain-two.com” = 2nd child site created under primary-domain.com
  4. etc.

Assuming you’ve already set up your SSL and server block for primary-domain.com, we’ll proceed by attaching additional domains to the primary-domain.com certificate. After adding the satellite domains to your droplet inside your Digital Ocean account, make sure each one is pointing to the default server block. If you don’t see the “Welcome to NGINX” page after you point each satellite domain to your Droplet, you’ll have to create individual server blocks for each before continuing to Let’s Encrypt.


After logging into your Digital Ocean droplet via the terminal, enter the following command:

If you have additional domains you want to attach to your primary-domain.com certificate, append them the command with -d and make sure to add the www subdomain to your root domain like so: -d satellite-domain-three.com -d www.satellite-domain-three.com

After the process is complete, regenerate you Diffie-Hellman Group by entering the following command:

This process will take a while.

Next we’ll create a configuration snippet for each satellite domain pointing to the SSL key and certificate. Enter the following command:

Inside the editor, add the following directives pointing to the certificate and key:

Write out and close the editor. Repeat the previous 2 steps for each satellite domain you added to your Multi-Site setup.

Configuring the Server Block

Instead of creating separate server blocks for each sattilite domain, we will add them to the primary-domain.com server block conf file:

Add your NGINX map directive:

Add after the NGINX map directive:

and after those:

Write out the primary-domain.com config file and close. Test it by entering the following command:

The response you will receive if your .conf files are error free:

Now let’s restart NGINX:

Note that for each satellite domain, we set the root to the primary-domain.com. The root is usually the “Gotcha” as most will usually set the root to root directory of the satellite domain.

On the WordPress side of things

If you haven’t already, install and setup the WordPress MU Domain Mapping plugin.

In Network Admin > Settings > Domain Mapping add your Droplet’s IP address in the Server IP Address field and check options 1-4 in the Domain Options and save.

Under Network Admin > Settings > Domains link your Site IDs to your satellite domains, make sure “Primary” is checked under each domain setup.

Next, download the Really Simple SSL plugin and activate it. Use it to force SSL on each of your satellite sites, and your done.


Unfortunately as of this moment I do not know how to setup Multi-Site SSL on Apache. If you have knowledge on the subject, please leave a comment below.


Click here to receive a $10 credit when you sign up to Digital Ocean