Multisite instal, subsite with custom domain SSL question

Hi, What sort of SSL do I need for a Multisite installation where I have one subsite on its own domain. (As an add on domain).

Also, what sort of SSL is needed for other subsites where they are in the format,
http://www.mainsite/subsite

  • Tyler Postle

    Hey Matt,

    Hope you're doing well today!

    Using SSL on your main site and on a mapped domain isn't very easy as you can only have 1 SSL per virtualhost. You can use SNI to add another virtual host, but it can become a fairly technical setup, not something that I have done myself. https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

    A much easier and common solution would be to force the original domain instead of trying to apply https to the mapped one. So on checkout pages you could instead force https://domain.com/subsite/checkout.

    This is also a lot less expensive option as then you only need 1 SSL cert :slight_smile:

    Also, what sort of SSL is needed for other subsites where they are in the format,
    http://www.mainsite/subsite

    Just a basic SSL cert is in this case. As all of the links are within the same domain. SSL certs are linked to a domain - so in your example it will be linked to mainsite.com.

    If any other domain(ie. mapped domain) or subdomain is accessed through https then you will get an invalid certificate error.

    Our Domain Mapping plugin has some very useful options for forcing ssl on specific pages and frontend/backend: https://premium.wpmudev.org/project/domain-mapping/

    Hope this helps!

    Let us know if you still have further questions on this.

    All the best,
    Tyler

  • Tyler Postle

    Hey Matt,

    Option 2 definitely. Option 1, means you would need to create another virtualhost using SNI for every domain you added - I'm sure there would be hosting restrictions on that as well, but just the fact it means you having to manually set something up each time a domain is added makes it a lot less efficient.

    Option 2, still allows you to let sites have their own custom domains, but then you force the original domain(mainsite.com.au/site1) for any pages that need SSL, since you will have the SSL cert for that main domain.

    Let us know if you still have further questions!

    Cheers,
    Tyler

  • Tyler Postle

    Hey Matt,

    Hope you're doing well today!

    You would want just any page where you are sending sensitive information to use https. Example, checkout pages, forms where visitors enter personal info, login forms, registration forms. Those types of pages. Some sites just make their whole site https.

    In your case, using stripe, you would just want to make sure the cart/checkout pages are https.

    Hope that helps!

    Cheers,
    Tyler

  • Matt

    Hi Tyler,

    I've gone ahead and bought an SSL cert.

    Is there a tutorial on anything I need to do with it in terms of wordpress settings in both mainsite and my subsite on its own custom domain.

    Also Within the tools>domain mapping area on the subsite, how am I meant to fill this out to force the subsite on custom domain back to mainsite/subsite for cart and checkout pages.

    In the top section excluded pages only the pages I've created appear there eg about, contact, home, terms and conditions etc.

    thanks

  • Tyler Postle

    Hey Matt,

    Thanks for your reply!

    Is there a tutorial on anything I need to do with it in terms of wordpress settings in both mainsite and my subsite on its own custom domain.

    For the mapped domain? All you need to do is just map it through domain settings then you're good to go :slight_smile: or are you referring to with the SSl cert?

    Also Within the tools>domain mapping area on the subsite, how am I meant to fill this out to force the subsite on custom domain back to mainsite/subsite for cart and checkout pages.

    In the top section excluded pages only the pages I've created appear there eg about, contact, home, terms and conditions etc.

    You can use the "Add page urls below to have excluded" and "Add page urls below to force https" options and enter in the full url :slight_smile: so enter in the non-mapped domain to be excluded, and then that same url to force https.

    Hope that helps!

    Cheers,
    Tyler

    PS. Those boxes are right below the excluded pages list.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.