MarketPress not working with SSL

After I added SSL to my subsite, the Add to Cart button doesn’t work, only spins ...
https://monosnap.com/file/bD4bYNM6h0fejrVgf0iO62ca8mJfbm

admin-ajax.php get blocked loading mixed active content. I am using Cloudflare for the SSL as well as a Wildcard SSL on my server. Please help.

  • Adam Czajczyk

    Hello joejacobson

    I hope you're well today!

    The site is running over SSL and using Domain Mapping. However, the setup is quite unusual. Let me explain.

    Currently, you are actually using core WP mapping as all the sub-sites have their own domains added in site settings ("Network Admin -> Sites -> All sites -> [Edit] link for a site -> Settings" page). But:

    - they got those domains set in "Settings" in "Siteurl" and "Home" options but not in "Site Address (URL)" option in "Info" tab (see here: https://codex.wordpress.org/WordPress_Multisite_Domain_Mapping#Update_WordPress)

    - then you also got Domain Mapping enabled which is in fact mapping already mapped domains to the same already mapped domains.

    Is there any reason for such unusual configuration? I'm asking because it's not how it's intended to work and while I'm not sure if this is causing an issue or if there's something more "under the hood", this is - unfortunately - something that might severely affect all the troubleshooting.

    I'll be happy to investigate that further for you but it would be great if you could shed some more light on the current configuration to help me understand why it's set this way.

    Kind regards,
    Adam

  • joejacobson

    Hi Adam,

    Thanks for your quick reply. You had helped me a couple months ago on this same issue, except this case now is slightly different in that my SSL configuration is affecting my Cart in Marketpress. Everything else seems to be working fine.

    Here is the thread from before (quite long): https://premium.wpmudev.org/forums/topic/ssl-for-subdomains-on-a-multisite

    I didn't do any of the configurations you mention above on purpose. Please let me know how to fix that as well as the Marketpress issue.

    I have granted access and given the server credentials in the notes below the Grant Access button.

    Thanks,

  • Adam Czajczyk

    Hi joejacobson

    Thanks for response. I remember that other ticket now but, to be perfectly honest, I don't remember that to be set up that way back then. Though, it's possible that I just missed that as it's not "obvious" and it's not directly visible on "Network Admin -> Sites -> All sites" site list.

    However, I think I got a pretty good idea why that is set that way: to overcome lack of wildcard certificate - which is actually NOT there. I mean, it's either not installed at all or it's not configured properly.

    This all actually "ties up together". The MarketPress issue is caused by a "mixed content" issue under the hood. While the site is loaded over SSL MarketPress needs to call some resources from an original address (the sub-domain) which is not configured there to go over SSL and is actually not even protected with SSL. The current setup is (I'll use example domain)

    - the main site is domain.com
    - the sub-site is sub.domain.com (that's original address)
    - the sub-site is configured as "http://sub-domain.com"
    - with the other.com mapped, using native WP mapping function, as "http://other.com
    - then, on top of it the other.com is again mapped to the subsite via Domain Mapping as "https://other.com

    So, as "other.com" and it's kind of "original" and "mapped" domain at the same time, it is redirected to https:// and is properly protected with its certificate. But the original URL (sub.domain.com) is still fetched over http. That's causing mixed-content error which in turn blocks loading required resource(s), which in turn is causing MarketPress issue.

    It's a bit difficult to explain clearly but I hope you got my point.

    Now, how to fix that? It's easy and a bit complex at the same time but let me try to give you a "step by step" guide.

    1. Wild-card SSL

    This is a "must" here. I know you mentioned that you got wild-card SSL but for some reason there's no wild-card added to your main domain "words... ters.com". It only is a regular single domain certificate that protects "word... ters.com" and "www.word...ters.com". You need to replace it with a proper wild-card certificate. You might need to turn to your host for some help if you are sure that you do own a wild-card certificate for "word...ters.com" - because even if you do have it, it is not applied.

    2. Sites and mapping configuration

    You do not need and should not use "double mapping" (mapping domains via both native WP mapping and Domain Mapping). To fix that config - once you already got wild-card SSL issue solved - you'd want to do the following:

    a) go to "Network Admin -> Sites -> All sites"
    b) find the first site on the list that's got a domain mapped to it
    c) click "Edit" link
    d) In an "Info" tab there, see the value of "Site Address (URL)". It should be something like: http://something.word...ters.com/ so copy that
    e) switch to "Settings" tab there
    f) paste that copied URL into "Siteurl" and "Home" fileds
    g) in both these fields replace "http://" with "https://"
    h) scroll the page all the way down and click "Save"

    You got one site configuration fixed now so repeat these steps a - h for all the sites on the "Network Admin -> Sites -> All sites" list that have a domain mapped.

    Once that's done, you should have the setup fixed, assuming that the wild-card SSL issue has been sorted earlier too. Otherwise it will not help in any way.

    At this point, it should also fix the MP and probably some other (maybe not discovered yet) "mixed content" issues.

    Best regards,
    Adam

  • joejacobson

    Hi Adam,
    Thanks for your detailed instructions. I did contact my host, and it turned out that Let's Encrypt was installed instead of the Wildcard SSL. Now the wildcard ssl is installed, but I did ask them how it covers the subdomains on *wordsandwriters.com and they said the SSL has to be installed for each subdomain. And they charge $5 to install each ssl on the subdomains.

    Since I plan to have hundreds of subdomains, I then asked them if I could install them myself from my WHM, and they said yes, but I don't know how to do that. I did find a help file on their site. Does this sound right to you...I thought (or hoped) that it was all automatic that the subdomains would be covered. I hope I don't need to buy a new SSL for each subdomain on my primary domain. That would defeat the whole purpose of a Wildcard SSL, right?

    I will complete the Sites and mapping configuration as you instructed and then request the Host add the SSL to one subdomain to start to see if everything works with Marketpress. I will start with injoypress.wordsandwriters.com (injoypress.com).

    Thanks and I'll keep you posted.

  • joejacobson

    Hi Again,

    I just got back a message from my host. I had asked them to add the SSL for one of my subdomains, the one having the problem with Marketpress (injoypress.wordsandwriters.com). Here was their response:
    "The domain injoypress.wordsandwriters.com is not managed on this server. You need to set up this as a sub domain in the cPanel before we can complete the install."

    I guess they don't understand how multisites work. Now what do I do?

  • joejacobson

    Hi Adam,

    I found another piece of the puzzle today. I have another subsite running Marketpress, but have not installed an SSL on the mapped domain. In this case, I don't get the error message; the add to cart works and the whole shopping cart appears to be working. Also, I'm not sure if my Wildcard SSL is fully installed and then there is the question of whether the original subdomain has an SSL protecting it.
    That site is http://loveoflifecoaching.com. The subdomain for this coaching site is ronforzani.wordsandwriters.com.

    Still looking for the next step. Thanks,

  • Predrag Dubajic

    Hi joejacobson,

    I must say that I'm a bit confused by all the information provided above, your main domain is wordsandwriters.com, so injoypress.wordsandwriters.com is a subdomain, so it confuses me how injoypress.wordsandwriters.com and wordsandwriters.com are not managed on the same server as your host said?

    If SSL wildcard is set for *.wordsandwriters.com then you shouldn't be setting up separate SSL cert for each subsite, that SSL wildcard should be taking care of that.

    Do you also have SSL cert for your loveoflifecoaching.com domain?

    Best regards,
    Predrag

  • joejacobson

    Hi Predrag,

    Thanks for your reply. I know there's a long history of trying to get this to work. Remember, the mapped domains are covered with the ssl by Cloudflare.

    It seems that the subdomains are now covered by the Wildcard cert. I have some other subdomains that don't have a mapped domain so I can see that they are now automatically covered by the Wildcard cert. However, Marketpress is still throwing the errors as shown below:

    (index):1 Mixed Content: The page at 'https://injoypress.com/' was loaded over HTTPS, but requested an insecure script 'http://wordsandwriters.com/dm-sso-endpoint/1540482567/?dm_action=domainmap-check-login-status&domain=injoypress.com'. This request has been blocked; the content must be served over HTTPS.
    onload @ (index):1
    jquery-migrate.min.js?ver=1.4.1:2 JQMIGRATE: Migrate is installed, version 1.4.1
    search-black.png:1 Failed to load resource: the server responded with a status of 404 ()
    jquery.js?ver=1.12.4:4 Mixed Content: The page at 'https://injoypress.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://injoypress.com/wp-admin/admin-ajax.php?action=mp_update_cart'. This request has been blocked; the content must be served over HTTPS.

    And regarding the other subdomain running Marketpress (loveoflifecoaching.com), there is no ssl set up yet on Cloudflare. Marketpress seems to be working on that one now. Maybe that is the problem, some settings in Cloudflare conflicting with Marketpress. There are many settings available in Cloudflare, but I didn't change of the default settings.

    I can give the Cloudflare credentials and maybe one of you can take a look. I will post it on the notes area below the Grant Access button.

    Thanks,

  • joejacobson

    Hello again,

    Sorry for all the posts, but I just check the config as described by Adam for the settings of the subdomain. In this part of the instructions:
    d) In an "Info" tab there, see the value of "Site Address (URL)". It should be something like: http://something.word...ters.com/ so copy that.

    I had a http address and copied that and did the rest of the steps, but whatever I put in for the Siteurl (https://injoypress.wordsandwriters.com) in the Settings tab will change what is in the Site Address (URL) on the Info tab. So now there is the https everywhere and the Site Address will not hold the http.

    Remember, Adam, you did something in the main database. Could that have an impact here.

    Thanks,

  • Adam Czajczyk

    Hi joejacobson

    It's a lot of information about so let me start to address that all (I apologize upfront if I miss something) below. I'll try to summarize that situation.

    First of all, changes that I previously (regarding the other ticket) made in the database wouldn't affect this and especially wouldn't cause any issues related to how the ssl should be installed. To recap, the configuration should be as follows:

    1. main domain.com should have a wild-card subdomain defined (*.domain.com); I believe that's done

    2. there is no need to create any sub-domains for sub-sites; it might be a part of the problem so check and make sure that you actually do NOT have any sub-domains created but only the *.domain.com (wild-card).

    3. you should have a wild-card SSL certificate installed for the domain.com; such certificate would and is covering all the existing and future sub-domains of domain.com; it is by design and there no need to install it for any sub-domain; like there's no need to actually create sub-domains.

    Note: an exception to it would if the host does not support wild-card setup; I'm pretty sure it's not the case here as otherwise you wouldn't be even able to create wildcard subdomains.

    4. if a wild-card configuration of the domain is working and wild-card SSL is installed, that should be all that's necessary for this part; now, if some of the sub-domains are actually not covered by SSL while others are, this would confirm that you might actually have sub-domains created. Let me try to explain it by example:

    - domain.com is main domain
    - it's got *.domain.com setup (it's a wild-card sub-domain)
    - there's a sub-site "something.domain.com" but there is no something.domain.com sub-domain physically created on server - this is a true wildcard, working, your wild-card SSL protects that site
    - there's a sub-site "test.domain.com" but additionally a "test.domain.com" sub-domain physically exists on the server - that's not truly wild-card and on some servers such sub-domain takes precedence over wild-card and might indeed be not protected by already installed wild-card SSL.

    Does it make sense to you so far?

    From what you wrote and from what your host wrote, I assume this might be the case. I'm slightly confused by their statement that "injoypress.wordsandwriters.com" is not hosted on the same server but I believe it's either some misunderstanding or person that assisted you on your hosts sites is not quite competent. I assume it's the former.

    5. The next part is mapping domains and this seems to be clear: you got your mapped domains put through CloudFlare and got SSL certs for them from CloudFlare; that's perfectly fine and as long as that all "wild-card stuff" is working, there wouldn't be anything else to address on that end.

    The bottom line of this is: check wordsandwriters.com domain configuration and see if you got only wild-card configured for it (*.wordsandwriters.com) or if there are additionally some sub-domains specified for it, like injoypress.wordsandwriters.com.

    As for:

    d) In an "Info" tab there, see the value of "Site Address (URL)". It should be something like: http://something.word...ters.com/ so copy that.

    I had a http address and copied that and did the rest of the steps, but whatever I put in for the Siteurl (https://injoypress.wordsandwriters.com) in the Settings tab will change what is in the Site Address (URL) on the Info tab. So now there is the https everywhere and the Site Address will not hold the http.

    That's fine, if I correctly understand you. It should be https, after all we want that all to run over https, right? :slight_smile:

    Best regards,
    Adam

  • joejacobson

    Hi Adam,

    Amazing, I finally got it working! I was about ready to give up and switch to Woocommerce, but then I double-checked my configurations as you suggested, but it was still loading some resources over http, so the cart was not updating. Then, I decided to try the plugin Really Simple SSL one more time. And it worked this time!!! Now everything is loading over https and the cart is working.

    I think what was happening was that my server had the Let's Encrypt AutoSSL running on my server and the Wildcard SSL was secondary. Now the Let's Encrypt is deactivated.

    Thanks for all your help on this issue, and I hope it behaves itself.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.