domain mapping using mixed domain names on logon page

I have two domains under multisite using the Multi-Domains plugin to allow user ability to register under either domain. When I enable Domain Mapping, the user/site logon pages start to display mixed content. This is present with and without an SSL (self-generated) in use.

With Domain Mapping on, the browser states script is not being loaded at the logon screen. When you attempt to logon, it does nothing. After looking at the source, it seems the logon page is putting mainsite.tld and secondsite.tld both on the logon page, with the logon credentials being passed to a different domain than the one in the URL bar.

Discovered when attempting to run SSL, but error is also present when SSL is off and Domain Mappings is enabled.

  • Anthony
    • Flash Drive

    Happens on the second domain listed in multi-domain list. The main is xyz.com, and a second is in the list for abc.net. When visiting xyz.com, all works as intended on the logon page. When visiting abc.net, when domain mapping is enabled, the logon formatting is messed up and the logon just loops (won't let you in).

    Remote access is enabled.

  • Nithin
    • Support Wizard

    Hey Anthony,

    Hope you are doing good today. :slight_smile:

    I checked your website, and I could see the issue, and deactivating the Domain Mapping plugin does make it work fine. How are you forcing SSL? I guess it's through .htaccess file. I found a similar thread related to this exact issue:
    https://premium.wpmudev.org/forums/topic/domain-mapping-plugin-causes-mixed-content-error-during-multi-domain-login

    As mentioned in that thread, could you please try forcing the HTTPS via a plugin, and then check whether it works fine.

    Please do let us know whether that works, if not, I'll ask one of the developers to give a closer look at this. Have a nice day. :slight_smile:

    Best Regards,
    Nithin

  • Anthony
    • Flash Drive

    Not forcing SSL via any means. There is a NGINX server certificate in the domain configuration on the server, but it's a normal entry for SSL, nothing fancy. I had it for both domains, tested with both and just one domain, results were the same. When Domain Mappings is enabled, it placed both domains in the secondary domain (Multi Domains/subdomain) on the sign-up page. It's odd, and has to be related to Domain Mappings as it's not there when it's disabled.

    The only settings regarding SSL are the ones put forth by Domain Mappings, unless the user types in https manually. Guess I will have to look into Domain Mappings myself? See where it's generating the logon page info to see if the URL calls are correct?

  • Anthony
    • Flash Drive

    Changes the news.xyz.com site over the https, and pulled up the logon page. Now it gives mixed domain and insecure certificate. This also puts the entire site as https, which is not desired. The only https should be the backed or at minimum the logon page.

    Leaving https on for that domain so you can look at it, site is not live as of yet.

  • Anthony
    • Flash Drive

    Tried that plugin. It has outdated PHP in it and also caused other issues when running. Although you do not see the errors in the interface, debug logs show different. The addon is several years old. While it was installed I tested it, and results were the same. References to logon pages when Domain Mappings is enabled, showed as broken formatting, mixed domains, etc.

    I did remove the HTTPS plugin, only to find it left remnants in the db. Had to perform a restore of site to clean them up effectively. Don't suggest recommending that plugin anymore.

  • Nithin
    • Support Wizard

    Hi Anthony,

    Sorry to know that the workaround didn't help much in here, you didn't have to use that exact plugin, you can find similar plugins here:
    https://wordpress.org/plugins/tags/ssl/

    However, since you have already tested it, and it's really odd that it didn't help much. I tired to access your website through support access, but it seems like the support access got expired, so I wasn't able to check further, could you please revoke, and re-enable access, so that we could give a closer look.

    Please do let us know once you enable support access, so that I could check this with the developer to have a better idea regarding this issue.

    Kind Regards,
    Nithin

  • Rupok
    • Support Ninja

    Hi Anthony,

    Thanks for granting Support Access. I checked your full configuration and found that "Would you like to force https in login and admin pages:" option is set to "Yes" in domain mapping network settings page. I've changed that to "No" and saved.

    Now all your subsite login pages are loading fine without any issue. Can you please check and confirm?

    And regarding your SSL certificate, I ran a test for that and found that your SSL Certificate is mainly for your network main domain and your additional domains are set just as an alternative name. Please check the attached screenshot for reference.

    And if you want to use SSL for your multi-domain subsites too, then you should have wildcard SSL certificate for each of your multi-domains. I'm not sure if adding different domains with subdomains as alternative names works or not. I've not tried this before. Please consult this with your host. They can give you better idea regarding this.

    With the current setup, there is another workaround you can try. That is forcing HTTPS with .htaccess . I'm not sure if that will help but you can surely try. For doing this, please follow this tutorial: https://www.siteground.com/kb/how-to-force-ssl-with-htaccess/
    Replace "yourdomain.com" in this tutorial code with your multi-domain URL. And then check if your multi domain subsites login pages load under HTTPS properly or not.

    Please let us know how it goes. I'm looking forward to hearing from you and resolving this issue as soon as possible.

    Have a nice day. Cheers!
    Rupok

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.