Adding a new site to WordPress Multisite and Gsuite

OK, assuming you have the following stack of providers:

  1. Namecheap for registration of your domain name of
  2. Digital Ocean for running your droplet with the WordPress installation at
  3. Digital Ocean for the DNS service for and for. Go to the control panel, go to Network/Manage, make the A record point to the static IP of the and then create a CNAME for that points to by creating a CNAME that points www to @

Then this is how you configure things to work with SSL and everything else loaded:

  1. Go to Namecheap and point DNS to and
  2. At Digital Ocean, find the Network section and add the domain and make the A record point to the droplet running
  3. Now in, you need to add a New Site and give it the URL. This will configure the web server properly.
  4. At this point you should have non-SSL access to your site and you should be able to browse to and see something

OK, so now what to do? This is pretty unintuitive: you need SSH access to the droplet, so `ssh` and then run:

  1. First you need a configuration file for it. In Apache speak this is called adding a virtual host; these live in `/etc/apache2/sites-available` and there should be a prototype there. It’s pretty obvious what to do, but basically the file looks like this, but you replace the with whatever the name of your site is and leave it something named like and what it is doing is to declare two aliases for and and then the rewrite rules ensure you get the proper name no matter how the requests come in.
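```
# Added to mitigate CVE-2017-8295 vulnerability
UseCanonicalName On

<VirtualHost *:80>
        # example.com is a placeholder: replace it with the name of your site
        ServerName example.com
        ServerAlias www.example.com

        DocumentRoot /var/www/html

        <Directory /home/>
            Options FollowSymLinks
            AllowOverride All
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # Redirect plain-HTTP requests for either name to HTTPS
        RewriteEngine on
        RewriteCond %{SERVER_NAME} =example.com [OR]
        RewriteCond %{SERVER_NAME} =www.example.com
        RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
```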

Then you need to enable this configuration with the command `a2ensite`, which turns it all on, and then reload Apache with `systemctl reload apache2`.
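As an added example (not part of the original post), here is a small pre-flight check for a virtual-host file like the one above, to run before `a2ensite`. It confirms that `UseCanonicalName On` and a `ServerName` are present, which is what keeps `SERVER_NAME` from following the client's Host header (the CVE-2017-8295 mitigation the config comment refers to), that the port-80 host redirects to HTTPS, and that the container tags are closed. The function names and the `example.com` sample configs are constructed for illustration.

```sh
# audit_vhost [FILE]: static checks on an Apache vhost file (stdin if no FILE).
# Prints one line per finding; the return status is the number of findings.
audit_vhost() {
    awk '
        /^[ \t]*#/ { next }                       # ignore comment lines
        { line = tolower($0) }                    # directives are case-insensitive
        line ~ /^[ \t]*usecanonicalname[ \t]+on/ { canon = 1 }
        line ~ /^[ \t]*<virtualhost/  { invh = 1; vh++; name = 0; https = 0; port80 = (line ~ /:80>/) }
        line ~ /^[ \t]*<directory/    { dir++ }
        line ~ /^[ \t]*<\/directory>/ { dir-- }
        invh && line ~ /^[ \t]*servername[ \t]+[^ \t]/   { name = 1 }
        invh && line ~ /^[ \t]*rewriterule[ \t].*https:/ { https = 1 }
        line ~ /^[ \t]*<\/virtualhost>/ {
            if (!name) { print "vhost " vh ": no ServerName to pin SERVER_NAME"; bad++ }
            if (port80 && !https) { print "vhost " vh ": port 80 has no HTTPS redirect"; bad++ }
            invh = 0
        }
        END {
            if (!canon)   { print "UseCanonicalName On is missing"; bad++ }
            if (invh)     { print "<VirtualHost> is never closed"; bad++ }
            if (dir != 0) { print "<Directory> and </Directory> do not balance"; bad++ }
            exit bad + 0
        }
    ' "$@"
}

# Constructed sample with placeholder names: the hardened layout.
sample_good() {
cat <<'EOF'
UseCanonicalName On
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
    <Directory /var/www/html/>
        AllowOverride All
    </Directory>
    RewriteEngine on
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EOF
}

# Constructed broken copy: canonical-name pinning and a closing tag removed.
sample_bad() {
    sample_good | grep -v -e 'UseCanonicalName' -e 'ServerName ' -e '</Directory>'
}

sample_good | audit_vhost && echo "sample_good: no findings"
sample_bad  | audit_vhost || echo "sample_bad: $? finding(s)"
```

This only reads the file; `apachectl configtest` is still the authoritative syntax check once the site is enabled.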

Finally, you want to save all these files in a GitHub repo somewhere for the day when you lose your configuration.

Now the next step is to get the SSL certificates and create the correct SSL configurations automagically:

  1. certbot is the system that connects to Let’s Encrypt. It will detect that you have this site, and if there are multiples, it will ask you about both and. If you did the work above correctly, the and should appear automatically in the list. If you just hit enter, it will check everything and add the certificates it doesn’t find, which is great. It is also smart: if you have an existing certificate for your site, it will “expand” the names recognized as needed.
  2. It will ask you if you want to always use SSL which you do. And make sure to say YES for redirecting insecure to HTTPS.

Once this is done, it automatically gives you a free SSL certificate and will renew that certificate every month or so.

WordPress Configuration

Now that you have this set up, you need to go to the Multisite WordPress Installation and create a subsite:

  1. Go to the network administrator for the “main site”, so for instance if it is at, go to. Then you want to choose My Sites > Network of Sites > Admin > Add New Site.
  2. The confusing thing is that it will force you to create a subdomain of the main site, so you need to make sure this is a unique name like and then when you have added it, you go back to Edit site and change the name to and because of the virtual host stuff, it all just works.
  3. Make sure to use the https prefix as the default is http so you get the SSL security.
  4. Now add users, because this is a multisite, you can add “global” users from the main site or each site can have their unique users. There will be a default admin account created and for my own personal sites, I like to leave my own super admin account.
  5. Finally, you can go to and start the setup of your new domain!
  6. You have the choice of a bunch of default themes, but if you have a Personal or Business theme, try Astra for instance.

Once this is done, you need to get the basic WordPress running:

  1. Connect with Jetpack to WordPress and turn on the anti-spam.
  2. Do a quick edit on your site to make it look decent and you are done for now! Walking through the checklist means making sure you have the basics of anti-spam and other configuration loaded.
  3. If you are using Astra, you need to go to the section called Appearance > Starter Templates and pick a nice one. Sierra Industry is a good example of one for a company. Or Entrepreneur if this is a personal site. It imports a complete site with graphics, so it’s really easy to just make changes and you look professional 🙂

Gsuite Configuration

Now the next step is getting mail working. Assuming that you are using gsuite, this is pretty simple:

  1. The big trick is that you go to and make sure you choose to add an “Add-on” domain and not a domain alias. A domain alias is for those cases where you change the name of your company and you want everyone to go from to
  2. In this case, you just want to add a few names and control them, so add-on is appropriate. The next step is to verify that you control the domain. Some have direct OAuth, but if not, the easiest way is to add a new TXT record with a GUID that Google will give you.
  3. Then you have to wait up to seven days for the record to propagate. This has been as fast as five minutes and as long as 12 hours for me.
  4. Once this is done, you can go back to Digital Ocean and choose add MX record; there is actually a button to add Google MX records because it is so common.
  5. At this point you are routing mail too, but it will take time for the records to propagate. Use to see when this happens.

Borking is one problem. I did this when I skipped the certbot step and then is completely confused. To fix this:

  1. Deactivate Jetpack at the network level and uninstall it
  2. Reinstall at the network level and enable all network-level things

I’m Rich & Co.
