cloudflare ssl not working on mapped domain

Good day,
I have subsite (https://s1.mychannel.app/southafrica/) which works well with its cloudflare ssl but the domain (https://channelapp.co.za) is not loading with cloudflare ssl

  • Adam Czajczyk

    Hello thebe

    I hope you're well today and thank you for your question!

    I understand that the channelapp.co.za is a domain mapped to s1.mychannel.app/southafrica, is that right?

    The issue here seems to be the certificate. A regular SSL certificate covers a specific domain and this one is issued for s1.mychannel.app domain which means that any attempt of accessing a different domain via https:// connection protected with this certificate will cause browser blocking it.

    You would need a separate, additional certificate for you channelapp.co.za domain. If you're using a free CloudFlare plan, the way to solve that is to actually setup another account for the channelapp.co.za domain (no need to make changes on the server where you Multisite is hosted, though) and set it up for your site and SSL there - just like you did with the s1.mychannel.app.

    If you got any additional questions, let me know, please.

    Kind regards,
    Adam

  • Adam Czajczyk

    Hi thebe

    The setup on screenshots look fine to me. But the domain still seems to be fetching only an original sub-site certificate. That suggests that there's still something "not quite right" with certificate configuration.

    How is that domain configured: is your site using a dedicated IP and the mapped domain is targeted to it via DNS A record or is it some other way? Were is a certificate for it installed?

    Best regards,
    Adam

  • Thebe

    Hi Everyone,

    I just want to let you know that I manage to solve this issue by doing the following;

    First both mapping domain and the mapped domain were running under Cloudflare and using its flexible ssl and that is where the mess started, so I decided to remove both sites out of Cloudflare thinking that maybe Cloudflare is causing trouble.

    I then took back both sites to my google dns and point A records accordingly, now the mapped domain was showing a warning saying that the ssl is not trusted. then after battling for some time, a light bulb came on and it was clear that taking back the domain to my google dns and point the A record to my dedicated IP, I was actually leaving this domain hanging in the air without the certificate because from my experience, if you host your domain with google dns there is no way you can attach a certificate to it unless if its A record is pointing to your server where your certificate is installed (I stand to be corrected).

    So in my case, I had to point the A record to a Dedicated IP used by the mapping domain in my google dns settings (never assume that the certificate for the mapping domain will automatically be shared with the mapped domain when you marry the two, each domain need to have its own certificate).

    So I then decided to leave the mapping domain with google dns and only move the mapped domain back to cloudflare dns to use its free flexible ssl certificate. Now after waiting for a while for servers to propagate.

    As I thought all will work well, I hit the wall again and this time it was the infinite redirect loop error.
    So after googling around I found that I just had to install the Cloudflare flexible pluginFle and clear my cookies and all was perfect after that.

    So I hope this info will help someone.

    Best regards,
    Thebe

  • Adam Czajczyk

    Hi thebe

    I'm happy to hear that you found a solution and thanks for sharing it with us. I'm sure it will help some other Members in future!

    You're absolutely right about that each domain needs its own certificate with domain mapping. That's not a plugin issue but the way certification works :slight_smile: So, if you "leave to domain handing in the air" that will not let you add a certificate to it (as for adding a cert you need to point the domain "to somewhere"). A perfect scenario for mapping is a sub-domain based WP install where here is one wild-card SSL certificate that protects the main site of Multisite and all of its sub-sites under original addresses (sub-domains of main domain) and then a separate single SSL certificate for each mapped domain :slight_smile:

    You ave already explained most of that in your post but I thought it might be worth to summarize, I hope that's fine :slight_smile:

    Thanks again for sharing the diagnose and solution with other Members of our Community!

    Have a great day,
    Adam

  • Thebe

    Hey guys,

    For anyone who has been following this post, you would be aware by now that I mistakenly accused Cloudflare for messing up with the ssl certificates for both my mapping domain and the mapped domain and eventually realized that I was wrong after I put back the mapped domain back to Cloudflare and fix the issue with the simple Cloudflare Flexible plugin (https://wordpress.org/plugins/cloudflare-flexible-ssl/).

    However I noticed that I never mentioned that I eventually also took the mapping domain back to Cloudflare and all was good because initially there was nothing wrong with Cloudflare and the simple solution was the Cloudflare plugin and patience while servers propagate if you just moved to Cloudflare.

    I just thought I should mention that so that no one should assume that mapping and mapped domain can't both be on Cloudflare.

    Happy Domain Mapping,
    Thebe :slight_smile:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.