Can't get domain mapping to work on SSL

I've been trying for 2 days now but no luck.

This is my current conf:

1. WordPress (subfolder) Multisite
2. Installed it using easyengine with nginx
3. Server on digital ocean

My wp.config.php

define('WP_CACHE', true);
define('FORCE_SSL_LOGIN', true);
define('FORCE_SSL_ADMIN', true);
define('WP_MEMORY_LIMIT', '256M');
define( 'WP_POST_REVISIONS', 3 );
define('WP_DEBUG', false);
define('SUNRISE', 'on');
define('WP_DEBUG_LOG', true);
define('WP_ALLOW_MULTISITE', true);
define('WPMU_ACCEL_REDIRECT', true);
define('MULTISITE', true);
define('SUBDOMAIN_INSTALL', false);
$base = '/';
define('DOMAIN_CURRENT_SITE', 'conversionpage.com');
define('PATH_CURRENT_SITE', '/');
define('SITE_ID_CURRENT_SITE', 1);
define('BLOG_ID_CURRENT_SITE', 1);

My .htaccess

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]

My /etc/nginx/sites-available/conversionpage.com conf:

#
# Rewrite http requests to https
#

server {
listen 80;
server_name 104.131.121.229;
return 301 https://conversionpage.com$request_uri;

}

server {
listen 80;
server_name conversionpage.com;
return 301 https://conversionpage.com$request_uri;

}

#
# Rewrite requests for http://www.yourdomain.ext to https://yourdomain.ext
#
server {
listen 80;
server_name http://www.conversionpage.com;
return 301 https://conversionpage.com$request_uri;

}

server {
listen 443 ssl;
listen [::]:443;

ssl_certificate /etc/nginx/ssl/conversionpage_com/ssl-bundle.crt;
ssl_certificate_key /var/www/conversionpage.com/cert/conversionpage.com.key;
access_log /var/log/nginx/conversionpage.com.access.log rt_cache;
error_log /var/log/nginx/conversionpage.com.error.log;

root /var/www/conversionpage.com/htdocs;
index index.php index.htm index.html;
include common/php.conf;
include common/wpsubdir.conf;
include common/wpcommon.conf;
include common/locations.conf;

# Make site accessible from http://localhost/
server_name conversionpage.com;

}

What am I doing wrong?

For example, I can't map http://osta.eu to https://conversionpage.com/testime/ (says "invalid" or red popup when "Verify domain's DNS settings is YES")

I also disabled all (not domain mapping) plugins for now.

I think since I get redirected to nginx when I click on http://osta.eu (domain with the A record) , the culprit might be server block settings?

  • Ivan

    Hey Margus,

    Hope you are having great weekend so far!

    First of all Nginx doesn't obey .htaccess files and the don't do anything, they affect only Apache.
    You will need to translate the .htaccess to Nginx rules - I just found this site - http://winginx.com/en/htaccess
    However I haven't test it myself in real situation, but you should be good as long in your .htaccess there is only mod_rewrite rules.

    Other solution would be to install Apache and use this .htaccess
    You can also check this thread - https://premium.wpmudev.org/forums/topic/how-to-setup-ssl-for-mapped-domains
    But please if you have any questions don't jump there, just ask them in this thread.

    Thanks,
    Ivan

  • Margus

    Ok, so the internal error was for "Options All -Indexes" in .htaccess and fixed it.
    <Directory />
    Options FollowSymLinks
    AllowOverride All
    </Directory>

    Now my apache2.conf looks like this:

    ServerRoot &quot;/etc/apache2&quot;
    Mutex file:${APACHE_LOCK_DIR} default
    PidFile ${APACHE_PID_FILE}
    Timeout 300
    KeepAlive On
    MaxKeepAliveRequests 100
    KeepAliveTimeout 5
    User ${APACHE_RUN_USER}
    Group ${APACHE_RUN_GROUP}
    HostnameLookups Off
    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel crit
    IncludeOptional mods-enabled/*.load
    IncludeOptional mods-enabled/*.conf
    Include ports.conf
    Include /etc/phpmyadmin/apache.conf
    <Directory />
        Options FollowSymLinks
        AllowOverride All
        <Limit PUT DELETE CONNECT OPTIONS PATCH PROPFIND PROPPATCH MKCOL COPY MOVE LOCK UNLOCK>
            deny from all
        </Limit>
    </Directory>
    
    <Directory /var/www>
            Options FollowSymLinks
            AllowOverride All
    </Directory>
    
    <Directory /usr/share>
            AllowOverride None
            Require all granted
    </Directory>
    
    AccessFileName .htaccess
    
    <FilesMatch &quot;^\.ht&quot;>
            Require all denied
    </FilesMatch>
    
    AccessFileName .htaccess
    
    <FilesMatch &quot;^\.ht&quot;>
    	Require all denied
    </FilesMatch>
    
    LogFormat &quot;%v:%p %h %l %u %t \&quot;%r\&quot; %>s %O \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot;&quot; vhost_combined
    LogFormat &quot;%h %l %u %t \&quot;%r\&quot; %>s %O \&quot;%{Referer}i\&quot; \&quot;%{User-Agent}i\&quot;&quot; combined
    LogFormat &quot;%h %l %u %t \&quot;%r\&quot; %>s %O&quot; common
    LogFormat &quot;%{Referer}i -> %U&quot; referer
    LogFormat &quot;%{User-agent}i&quot; agent
    
    IncludeOptional conf-enabled/*.conf
    IncludeOptional sites-enabled/*.conf
    
    <DirectoryMatch ^.*/wp-content/uploads/>
      AllowOverride None
      php_flag engine off
      php_admin_value engine Off
    </DirectoryMatch>
    
    <DirectoryMatch ^.*/wp-content/blogs.dir/>
      AllowOverride None
      php_flag engine off
      php_admin_value engine Off
    </DirectoryMatch>
    
    <DirectoryMatch ^.*/wp-admin/>
      AuthType Basic
      AuthName &quot;Restricted Area&quot;
      AuthUserFile /etc/apache2/.htpasswd
      Require valid-user
    </DirectoryMatch>
    #<VirtualHost *:80>
    #   ServerAdmin webmaster@osta.eu
    #   DocumentRoot /var/www
    #   Servername 178.62.46.138
    #   ServerAlias osta.eu http://www.osta.eu
    #</VirtualHost>
    
    <VirtualHost 178.62.46.138:443>
    DocumentRoot /var/www
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/osta_eu.crt
    SSLCertificateKeyFile /etc/apache2/ssl/osta.eu.key
    SSLCACertificateFile /etc/apache2/ssl/ssl-bundle.crt
    </VirtualHost>
    
    <VirtualHost 178.62.46.138:80>
       ServerName osta.eu
       Redirect permanent / https://osta.eu/
    </VirtualHost>
    
    # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

    and .htaccess

    <IfModule mod_rewrite.c>
    Options All -Indexes
    RewriteEngine On
    # BEGIN Remove 'www.' from all urls
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^.*$ https://%1/%{REQUEST_URI} [R=301,L]
    # END Remove 'www.' from all urls
    # BEGIN Custom Mapping for Subdirectory Subsites w/ Mapped Domain
    RewriteCond %{REQUEST_URI} !/?wp-(admin|content|includes|login) [NC]
    RewriteCond %{QUERY_STRING} !preview=true [NC]
    RewriteRule ^(.*)-dot-(.*)/.*$ https://$1.$2/%{REQUEST_URI} [R=301,L]
    # END Custom Mapping for Subdirectory Subsites w/ Mapped Domain
    # BEGIN Catch-All SSL Address Control
    RewriteCond %{HTTPS} !=on
    RewriteRule ^.*$ https://%{HTTP_HOST}/%{REQUEST_URI} [R=301,L]
    # END Catch-All SSL Address Control
    
    RewriteEngine On
    RewriteBase /
    RewriteRule ^index\.php$ - [L]
    
    # add a trailing slash to /wp-admin
    RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
    
    RewriteCond %{REQUEST_FILENAME} -f [OR]
    RewriteCond %{REQUEST_FILENAME} -d
    RewriteRule ^ - [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) $2 [L]
    RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
    RewriteRule . index.php [L]
    </IfModule>

    I still get the invalid red text when mapping domain.

    Also one thing that confuses me in the attached image. Why does it say "Domain(s) mapped to http://osta.eu/test/&quot; , should it not say https:?
    No clue where wordpress takes it, everything in db is https.
    And the same problem applies to https://premium.wpmudev.org/forums/topic/multisite-is-not-forcing-ssl-url-slug-on-new-sites what I have here.

    • wp.network

      @Margus

      1) thanks for the catch w/ 'Options All -Indexes' I have seen it break things on some servers as well, your solution is a good one!

      2) You are using some rules that I developed for subdirectory networks that work kinda funky...
      2a) My whole deal is that I don't want to have to write a new block of code for EVERY mapped address, and that I have to do so before the site is really 'setup' is even worse! so...
      2b) the above rules assume you follow a naming convention when creating subsites which will have a mapped domain (you can totally change the convention used, all that is important is that it follows a predictable pattern)
      2c) the pattern that the rules are currently written to work with is as follows:

      assumptions:
      a) if primary address is: primary.tld
      b) and if subsite's mapped address will be: mapped.newtld
      c: then subsite's original network address MUST be: primary.tld/mapped-dot-newtld

      The rewrite block that accomplishes this is:

      # BEGIN Custom Mapping for Subdirectory Subsites w/ Mapped Domain
      RewriteCond %{REQUEST_URI} !/?wp-(admin|content|includes|login) [NC]
      RewriteCond %{QUERY_STRING} !preview=true [NC]
      RewriteRule ^(.*)-dot-(.*)/.*$ https://$1.$2/%{REQUEST_URI} [R=301,L]
      # END Custom Mapping for Subdirectory Subsites w/ Mapped Domain

      (.*)-dot-(.*) matches against path value in requests to primary.tld/mapped-dot-newtld, captures the two values, and then they're rewriten to https://mapped.newtld/%{REQUEST_URI}

      The rules also assume that you are using original network addresses for login & admin (w/ https options at network>settings>domain mapping set to 'off'), fyi.

      3) Also, I notice from your screenshot that your mapped domain has been setup to use http as its schema rather than https -
      as you seem to have noticed...
      3a) see https://premium.wpmudev.org/forums/topic/how-to-setup-ssl-for-mapped-domains#post-803574 for screenshots & descriptions of how to setup/change mapped domains to use https instead.

      4) So, delete the domain mapping for 360thai.com and (unless you want to keep it as a test site w/o domain mapping) and then delete the /test/ subsite.

      5) Create a new subsite with the site address: https://osta.eu/360thai-dot-com/

      6) Also, as I detail in the thread you got the rules from, you will also likely need to adjust the SITEURL and HOME values in wp_options (in database) to use https instead of http
      6a) There are plugins that can obviate above if you like them better (like SSL Insecure Content Fixer), personally, I do above and sometimes also use the plugin for additional measure...
      6b) Save subsite permalinks

      7) Then map the domain to this subsite (using the dropdown menu to select 'https').

      Have any Qs? Happy to answer 'em if I can :slight_smile:

      Cheers, Max

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.