HTTPS Only Main Domain + Domain Mapping Best Practices

I got an SSL certificate for my multisite installation's main domain. I would like to make sure it applies only to the main domain, front and back end, without affecting sub-sites. No solution I find seems to address this specific issue without resorting to using a wildcard SSL certificate.

I am also looking to sell this upgrade to clients who want to purchase a certificate—we do everything for them.

A. What are the ideal Domain Mapping settings based on these questions?
B. What is the best procedure to upgrade a mapped domain of a client?

  • Nastia

    Hello TNNVTR

    I hope you are doing well today!

    If you have purchased a non-multisite SSL certificate, the SSL should apply only to your main domain and not to your subdomains if you are using a WordPress subdomain network, which means you will have to set up a wildcard subdomain.

    Please note, if your WordPress site uses a subdirectory network, then the SSL protocol will be applied to your subdomain by default.

    A. What are the ideal Domain Mapping settings based on these questions?

    I'm afraid this setup may cause some mixed content errors on your site. You will have to manually add rules to the .htaccess file for each subsite.

    <IfModule mod_rewrite.c>
    RewriteEngine On
    # Go to https if not on a subdomain
    RewriteCond %{SERVER_PORT} =80
    RewriteCond %{THE_REQUEST} !/subdomain/[\s?] [NC]
    RewriteRule ^(.*)$ https://www.mywebsite.com/$1 [R,L]
    
    # Go to http if you are on a subdomain
    RewriteCond %{SERVER_PORT} !=80
    RewriteCond %{THE_REQUEST} /subdomain/[\s?] [NC]
    RewriteRule ^(.*)$ http://www.mywebsite.com/$1 [R,L]
    </IfModule>

    Please keep the original .htaccess file, so if something goes wrong, you can restore it.

    B. What is the best procedure to upgrade a mapped domain of a client?

    Would you please elaborate and let us know what you mean by "upgrade a mapped domain"?

    Please advise,

    Kind Regards,
    Nastia

  • TNNVTR

    Hi Nastia,

    I tried your .htaccess solution. What ended up happening was:

    1. The main domain did switch to HTTPS.

    ...but:

    2. All sub-sites, mapped or not, ended up being redirected to the main domain automatically.

    WHAT I NEED

    1. Main domain is forced to NON-WWW + HTTPS on the front and back end.

    2. NON-mapped domains like http://scd.phantbox.com stay as NON-WWW and NON-HTTPS on the front and back end.

    3. Mapped domains like http://beerowl.com stay as NON-WWW and NON-HTTPS on the front and back end.

    This setup might require a combination of Domain Mapping + .htaccess settings.

    TNNVTR

  • Nastia

    Hello @TNNVTR

    I hope you are doing well today!

    Is the main domain created with the WWW or without WWW?

    Note: please create a backup of your site before making any changes.

    1. If the main domain was created with WWW, put the following in the .htaccess file:

    # BEGIN NON-WWW REDIRECT TO WWW
    RewriteCond %{HTTP_HOST} ^domain\.com [NC]
    RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,NC,L]
    # END NON-WWW REDIRECT TO WWW

    Put it above all the other code and replace the domain.com with your real domain name.
    Then, if the subsites are still redirecting to your main domain, go to your database and look up the wp_blogs and wp_sites tables. See if you have www and non-www mixed up in there.

    To activate SSL across your network, go to your network admin’s dashboard > Settings > Domain Mapping and scroll down to the section labeled Force http/https (Only for original domain).
    Check on force HTTPS.

    - In the section "Would you like to force https in login and admin pages:" select "Yes"

    - In the section "Would you like to force http/https in front-end pages:" select "Force https:"

    2. If you purchased a standard SSL certificate, that applies only to your main domain, and it shouldn't apply to your subsite scd.phantbox.com.

    In case your main domain is already without a WWW, the subsites will be non-WWW as well.

    3. This should not be an issue. Once you map a domain with the HTTP protocol, it stays this way. If you have a mapped domain loading with HTTPS, make sure that you have mapped a domain with HTTP protocol.

    And if you wish to avoid a WWW on a mapped domain, please map a domain name as it is, without WWW.

    I hope this helps!

    Cheers,
    Nastia

  • TNNVTR

    Hi Nastia,

    That solution does not work, unfortunately for me—but it might work for someone else!

    Just so you know, I am an advanced user.

    SOLUTION TO THE PROBLEM

    .HTACCESS - FORCE NON-WWW FOR EVERYTHING

    RewriteEngine on
    RewriteBase /
    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
    RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

    .HTACCESS - FORCE NON-HTTPS ON SUB-DOMAINS

    RewriteEngine On
    RewriteCond %{HTTPS} off

    RewriteCond %{HTTP_HOST} !=subdomain1.website.com
    RewriteCond %{HTTP_HOST} !=subdomain2.website.com
    RewriteCond %{HTTP_HOST} !=subdomain3.website.com

    Each sub-domain must be added.

    .HTACCESS - FORCE NON-HTTPS ON MAPPED DOMAINS

    Add the mapped domain below each sub-domain IF available like so:

    RewriteCond %{HTTP_HOST} !=subdomain1.website.com

    RewriteCond %{HTTP_HOST} !=subdomain2.website.com
    RewriteCond %{HTTP_HOST} !=mymappeddomainssubdomain2.com

    RewriteCond %{HTTP_HOST} !=subdomain3.website.com
    RewriteCond %{HTTP_HOST} !=mymappeddomainsubdomain3.com

    I will keep an eye on it and, IF everything is good, I will close the ticket.

    Stand by,

    TNNVTR
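
The fragments from the post above assembled into one ruleset, as an added example that is not the poster's own file. The hostnames are the post's placeholders; `website.com` as the main domain and the closing `RewriteRule` are assumptions, because the post lists only the conditions.

```apache
# Added example: the post's fragments combined. Hostnames are the post's
# placeholders; website.com as the main domain and the final RewriteRule
# are assumptions (the post shows conditions only).
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /

# 1. Strip a leading "www." from every host. The pattern is anchored and
#    the dot escaped so only a literal "www." prefix matches.
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]

# 2. Redirect plain HTTP to HTTPS unless the host is a listed sub-site or
#    mapped domain. Consecutive RewriteCond lines are ANDed, so one
#    matching exclusion is enough to skip the redirect.
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !=subdomain1.website.com [NC]
RewriteCond %{HTTP_HOST} !=subdomain2.website.com [NC]
RewriteCond %{HTTP_HOST} !=mymappeddomainssubdomain2.com [NC]
RewriteCond %{HTTP_HOST} !=subdomain3.website.com [NC]
RewriteCond %{HTTP_HOST} !=mymappeddomainsubdomain3.com [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# Allow-list alternative to block 2: name only the host the certificate
# covers, so a newly added sub-site is never sent to HTTPS by accident.
# RewriteCond %{HTTPS} off
# RewriteCond %{HTTP_HOST} =website.com [NC]
# RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
```

These rules belong above the WordPress block in the same file. Neither variant can move a sub-site from HTTPS back to HTTP without a browser warning, because the TLS handshake, and with it the certificate mismatch, happens before Apache evaluates any rewrite.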