How do I keep my multisite SSL everywhere with domain mapping?

Hi,
I had been using another domain mapping plugin which worked fine keeping multisite parent and children SSL everywhere. I am switching to WPMU Dev multisite to use the login everywhere feature. The problem I am having is whenever I switch to WPMU Dev SSL is lost on the front ends. I have a multisite certificate that gives no errors on any site admin or front end using the other domain mapping.
It seems like WPMU version is designed to take SSL off front end assuming improper domain mapping and errors? If so, can this be disabled to allow SSL everywhere again? I would love to use this to have the automatic network login feature but I want to keep front end and everything encrypted.

  • Aurelio

    Hi, I've tried that and it breaks other things in my situation. I don't think it's designed for multisite and was not necessary before.
    Previously I was using Wordpress MU Domain Mapping by Donncha O Caoimh and it kept everything SSL as I specified for main. The sign on everywhere for this version seems to be working though, but I don't see the same options in the children site menus and I know this works different. Default behavior is it seems to turn off SSL on the front ends, where the other one did not, and I'm not seeing options in the admin areas to override this. The HTTPS plugin does not work good with this one and my setup, but I don't need it using other domain mapping plugin. Is this designed to be behaving like this and is there an override area I'm missing?
    I completely replaced sunrise.php with your version and deleted this and that one to start fresh. The two versions of sunrise.php were not compatible anyway but that was not an issue, I just wanted to verify I did replace sunrise.
    Thank you

  • Aurelio

    Hey. Not to pressure since I know this takes time. I know I was all over the place, confirming too fast it didn't, then did, then didn't work again, so just want to confirm where I ended up.
    HTTPS plugin gave issues in past with this setup, worked for a few pages but then started giving errors on various pages again. When I deleted https plugin things all came back up. I've been able to restore SSL everywhere in past by deleting this and going back to referenced domain mapping alternative but if possible I'd really love to use WPMU Dev version for the multi sign ons.
    I'd be willing to try other plugins though or any other options, even inserting workaround code in site. Thank you!

  • Aurelio

    I am still learning this plugin behavior. I believe when I switched to it, I also occasionally get kicked out of authentication browsing around within the same site or when I switch sites. Below is an example URL when it happens.
    http://bitpad.net/wp-login.php?redirect_to=http%3A%2F%2Fbitpad.net%2Fwp-admin%2F&reauth=1

    Does it have some sort of scheduled session expiration, after so long or after so many clicks? This does not appear to be happening when I'm inactive, but within a session that I'm just working along. Also the above link it gives me is non-encrypted, so if I were to log in it would be plain text, so I need to go to the admin (https://site/wp-admin) to get an encrypted login link currently.

    I think it's just these two things so far, https being stripped from the end-user/front ends of all sites, and the session seems to expire randomly and it doesn't seem to be logging in all sites all the time. When I get the mid-session logout or re-auth=1 link above, I sometimes have to log back in to a couple of the sites. I will not be able to work on this again until tonight so sorry for any delayed response. thank you!

    • Niklas

      Aurelio, check if your wp-config.php contains something like this:

      define('DOMAIN_CURRENT_SITE', 'bitpad.net');

      Because if it does it might affect other sites in a way that is incompatible with the Domain Mapping plugin. You should be able to comment out that line and still have everything working.

      (or you could try replace it with define('DOMAIN_CURRENT_SITE', $_SERVER['SERVER_NAME']); if removing it causes trouble).

      As an aside, your site seem to be using Apache, you could tell any compatible browser to prefer HTTPS by using HSTS, add this to your .htaccess:

      Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS"

      It is not a complete solution, the latter suggestion, but it will make HTTPS connections more robust.

      • Aurelio

        Hi Niklas!
        I will be able to access site and work tonight, but I would like to make sure please. Does this take into consideration I already had domain mapping set up working perfect with SSL everywhere using the Wordpress MU Domain Mapping plugin by Donncha O Caoimh, following exact same instructions in wp-config.php and htaccess as given by your plugin? That one allows https in the child domain mapping but this one explicitly appears locked to http in it's child domain mapping section.
        It is only when I switch to this one that the front end keeps trying to go to http, as if this plugin is deliberately designed to make front end http to avoid possible cert issues. I don't want to "fight" this plugin, because trying to force it to https everywhere after installing this was breaking things. But to confirm, I have certificate, and https everywhere working good when I am not using this one plugin. I would like to please make sure there is not code trying deliberately to switch me to http different places because it seems like intentional, but well-intentioned, perhaps to avoid ssl cert issues which I don't have. Already have things set up good for multisite and SSL, but I am trying to switch to this one for the single-sign on, which is an amazing selling point for my situation, but cannot do if it will strip encryption from front end. Do you think it's my setting, and there is nowhere in this plugin trying to force to http on frond like i've seen with some other well-intentioned mapping plugins? Usually notes say they are doing it to avoid front end cert issues, but I apologize I can't go through all code to understand for sure and would like your confirmation the plugin itself is not trying to switch to http.
        thank you!

  • Aurelio

    Ok. I will try tonight.
    To confirm I spent a lot of time making sure settings for all sites rendered all https front and back end before using this plugin and Wordpress MU Domain Mapping plugin by Donncha O Caoimh kept SSL as I directed for exact same plugins as here, and this plugin is very similar, down to the htaccess and wp-config.php entries needed as well as needing a version of sunrise.php.
    I think this plugin has a well-intentioned code that I have seen in others that renders the front end to http, since it seems very clean and deliberate in doing so, activate this instead, switch to this version of sunrise.php and poof, http on all front ends, use the other plugin and sunrise.php, bingo, it allows my https everywhere, exact same setup down to the other plugins enabled on parent and all child sites.
    I was really hoping the developer could weigh in and say if they are trying to switch to http when I don't want it anywhere for this site or it's children, front end or back end. I would rather not guess or fight the plugin, but if developer could just verify if they are trying to present http on front end I would very very very appreciate as I don't want to waste time fighting this behavior. Single sign on to all sites is an amazing and good feature I'd really love though. thank you.

  • Tyler Postle

    Hey Everyone,

    Thanks for all the questions and involvement here :slight_smile:

    Max, is right. The two options you have are listed here by the dev:

    https://premium.wpmudev.org/forums/topic/i-see-a-number-of-threads-but-not-clear-which-one-would#post-720775

    Domain Mapping is designed for multisite but hasn't played well with SSL. This is common for domain mapping and you will notice it with other major sites as well, squarespace, shopify, and also wordpress.com I believe - they use wildcard SSL's then force the original domain on sensitive pages, instead of forcing ssl on the mapped domain.

    As the developer, Sam, mentioned in the post I linked above, he is currently working on getting a new version released that will add some new features when integrating with SSL's :slight_smile:

    Thanks for your patience guys!

    All the best,
    Tyler

    PS. Max, are you somehow automatically subscribed to all domain mapping threads? I always see you in these ones :p lol thanks for helping out! Sending some points your way.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.