Domain Mapping with SSL rewriting to drop the SSL

I am running domain mapping on a multisite network which contains a UCC SSL certificate with Subject Alternative Names. On the root domain and non-mapped subdomains, the SSL connection works fine. However on mapped domains it is dropping out of SSL. If I try to force SSL (with a plugin like Wordpress HTTPS), I get into a vicious cycle of dropping/forcing/droping/forcing/etc until it finally gives up and throws an error.

Is there something in the Domain Mapping plugin that is intentionally preventing it from staying in SSL? This was all working for quite a while, and I can't tell when it stopped working.

My root site is NimbleWebs.com. An example mapped domain is KenJustice.com mapping to kenjustice.nimblewebs.com. If you look at the details of the certificate you can see that KenJustice.com is a valid SAN.

Thanks!

  • Tyler Postle
    • CGO

    Hey Ken,

    Hope you're doing well today and thanks for your question!

    In a recent version we added in more support for SSL's as far as forcing https or not. You can find these options in your network admin > Settings > Domain mapping.

    I have attached a screenshot as well. These should only be affecting the original domain; however, perhaps they are causing a conflict with the mapped domain as well.

    Try setting them to just to "no" if you don't need them and are using WordPress https plugin or set them to force https.

    Let us know if this does the trick :slight_smile:

    All the best,
    Tyler

    • Ken J
      • Design Lord, Child of Thor

      Sorry, I accidentally added a new comment instead of responding to this comment. Here it is again in case you only see the replies to your comment.

      Thank you for the quick reply!

      Unfortunately both of those options are already set to 'No'.

  • Zyniker
    • WordPress Warrior

    I believe I may be experiencing an error related to this one. One of my sites has has a /payments/ page which is forced to https:// by the server. After the most recent update to Domain Mapping (at least that seems to be the only change), this page experiences a redirect loop (i.e., http:// to http:// and back to http:// to start the loop again) and throws an error. I have had my hosting provider (WP Engine for this particular site) confirm that the problem is not on their end.

    If a dev would like backend access to take a look at things, please let me know.

  • Michelle Shull
    • DEV MAN’s Apprentice

    Hi there, @Zyniker and @Ken J!

    Zyniker, can you open a new thread with support access granted? You can do that via the WPMU Dev dashboard.

    Ken - would you also mind granting support access? If this is ok, just grant me temporary admin access to your site by clicking "Grant Access" button in the WPMU DEV Dashboard Settings from the following path and reply on this thread after granting it?

    Admin -> WPMU DEV -> Support -> Support Access Tab

    If you have not installed WPMU DEV Dashboard plugin yet, kindly do that here : https://premium.wpmudev.org/project/wpmu-dev-dashboard/ and then allow access as per the above process.

    Thanks, fellas!

    • Ken J
      • Design Lord, Child of Thor

      I am concerned about forcing https on the front-end pages for the entire network. About half of the sites I run do not require https, and therefore my UCC SSL certificate does not cover them. When visitors go to those particular sites, they will be greeted with a big ugly security warning.

      Domain mapping should be able to run in mixed mode, as it has done just fine in the past. Was this just a troubleshooting step? Is there another path we can take? I'm sorry to be difficult, but I can't leave my customers' customers hanging like that.

  • Tyler Postle
    • CGO

    Hey Ken,

    Thanks for getting back to us!

    It's interesting that this was working fine before and just recently stopped. Are you thinking it's due to a recent update? Unfortunately this is difficult for me to test as I don't have a UCC SSL cert. I have just a normal cert on one of my subdirectly installs and it's working fine, but of course it isn't dealing with any mapped domains which is the problem here.

    What you can do, is roll back to a previous version and test that out to see if it works then? That will help narrow down the issue. Our domain mapping developer isn't online right now; however, if that doesn't bring us any new information then I can ask him what he thinks on this as well when he's back :slight_smile:

    Either way, we will help get to the bottom of this for you!

    You can rollback your domain mapping version by going to the product page and the changelog, then clicking on the version you want to download. Deactivate and remove your current version then upload/activate the previous version.

    Look forward to hearing back here Ken!

    Cheers,
    Tyler

    PS. Attached a screenshot to illustrate downloading the previous version.

  • Ken J
    • Design Lord, Child of Thor

    I have yet to perform this reverting troubleshooting, as I have another problem with Pro Sites settings being lost. I'll get back to this after I have resolved that one.

    In the meantime, I noticed that there is a new Domain Mapping version 4.2.0.4. Is anything in this release related to fixing my issue, or shall I continue with the reverting?

    Thanks!

  • Zyniker
    • WordPress Warrior

    @Ken J, it looks like the recent version of Domain Mapping does contain some updated logic regarding SSL; however, it might not fix your issue. In my case, mentioned supra, the redirection loop is now fixed, but the regex on the backend to require SSL on certain pages is now being ignored (e.g., the /payments/ page which should be forced to SSL loads only on http:// and, in fact, redirects to http:// from https://).

    @Michelle Shull, I'll open another thread (probably later this evening when I have a bit more free time) and grant support access so you can poke around and try to figure out what is happening. Let me know if you'd like server logs or anything else (though I didn't notice anything helpful when I looked at them earlier). Right now I have the support team from WP Engine seeing if they can narrow down what is causing the issue, and I'll update on the new thread with any information they obtain.

  • Tyler Postle
    • CGO

    Hey Guys,

    Thanks for your follow ups here!

    I spoke to the developer on this and it likely has nothing to do with the fact you're using a multi-domain cert.

    SSL support for mapped domains was recently added in, so the WordPress https plugin is no longer needed. When you added your domain you are likely using http (screenshot attached).

    If so, then DM is trying to force http while you are trying to force https thus the vicious cycle of dropping/forcing.

    Also, in the latest version, Sam(developer) has added in a "force none" option. Where DM does nothing about the schema and you can control the forcing/unforcing through other means, this is the option you should use if you want to keep using the https plugin.

    Try this out and let us know how it goes Ken! Thanks for all your patience on this.

    Have a great rest of your day guys :slight_smile:

    All the best,
    Tyler

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.