Preview posts broken with domain mapping plug-in and SSL

I am running the domain mapping plug-in and I have an SSL certificate on the root domain of the network. I have several other sites on the network, for which I don't have an SSL certificate. But I force all logins over the secure domain and the domain mapping plug-in is set to “original domain” under the network settings. Under this configuration previewing a post generates a 404 error. If I change the domain mapping plug-in to use “mapped domain” or "domain entered by the user" and edit the post using the map domain then previewing posts works.

While I would prefer to use the map domain or domain entered by the user setting, WordPress introduced SSL bug with 3.3 that causes all uploads using the mapped domain to use HTTPS:// in the image link, which then results in images not loading because there is no certificate for that particular mapped domain.

This seems like a bug to me in the way the domain mapping plug-in is handling the preview. Has anyone else reported this? Do you think this is something that can be fixed? Are there any workarounds that anyone is aware of to ensure that uploads don't get SSL links? If I could solve that problem I could set the domain mapping plug-in to one of the other options which would then fix the preview issue. I'm hoping that someone can come up with either a fix or workaround.

Thanks,

  • aecnu

    Greetings brewlabs,

    Thank you for this great question and bringing this significant issue to our attention.

    While I would prefer to use the map domain or domain entered by the user setting, WordPress introduced SSL bug with 3.3 that causes all uploads using the mapped domain to use HTTPS:// in the image link, which then results in images not loading because there is no certificate for that particular mapped domain.

    WordPress introduced SSL bug with 3.3 that causes all uploads using the mapped domain to use HTTPS:// in the image link,

    Addressing the SSL Certificate issue a wild card SSL certificate would be the appropriate SSL Certificate to be using to deal with the WordPress 3.3 issue you mentioned - though having it addressed by WordPress would be the most cost effective solution.

    We do our best here to help you with any WordPress issues at all, so let's see what we can do!

    It might take a bit longer than a normal ticket, but I will see if I can get the lead developer in here to assist / give you some advice... and to see if we can help you hack it in for the moment.

    Thank you for being a WPMU Dev member!

    Cheers, Joe

  • brewlabs

    Thank you for the quick response. I do have another site with a multi-domain certificate because I own all of the domains and was able to verify ownership. With a valid certificate everything works as expected. It seems to only break when you do not have a valid certificate. Unfortunately, a wildcard certificate is not an option because there are numerous different domains as opposed to a bunch of *.domain.com. I also can't verify ownership of every domain to get a multi-domain certificate for each site. Plus maintaining the cert as I add additional domains is somewhat untenable. I like having SSL so that passwords are encrypted.

    Let me know what you guys come up with. If there's anything I can do to help you test or provide you with any additional information just let me know. I can certainly create a site on the network and give you access that helps.

    Thanks,

  • aecnu

    Greetings brewlabs,

    Thank you for being a WPMU Dev member!

    To answer an earlier question of yours - no nobody else is reporting a similar problem.

    I do not have an answer because as you mentioned "WordPress introduced SSL bug with 3.3 that causes all uploads using the mapped domain to use HTTPS:// in the image link" and I cannot reproduce this error.

    However, I am not using SSL for logins or any other function of my MultiSite except for payment processing but that is provided on the gateways side.

    Is there any chance that you reported this bug to WordPress?
    and if so what was their response?

    Thanks again for being a WPMU Dev member.

    Cheers, Joe :slight_smile:

  • aecnu

    Greetings brewlabs,

    Just checking if this issue was eventually resolved in another thread? Or by yourself separately to us? Or by us over email with you? Or using our live support?

    If so, no need to reply, that's great news.

    If not, or you have any more questions related to this thread, please feel free to post them below including any new symptoms or errors and tick the 'Mark as Not Resolved (re-open)' box below the post area (or else we'll miss it!)

    Otherwise, happy days, glad you got it sorted :slight_smile:

    Thank you for being a WPMU Dev member!

    Cheers, Joe :slight_smile:

  • brewlabs

    The only way I was able to resolve the issue was to switch back to the free domain mapping plug-in available on WordPress.org. I was originally running that plug-in. I wanted to switch to the WPMUdev version but it looks like it's not meant to be. I would file a bug with WordPress, but I have never done so and I'm not really sure of the process.

    I'm not sure why you can't reproduce the error. If you use a self signed certificate you should be able to re-create the problem if you force ssl_admin (define('FORCE_SSL_ADMIN', true);. If you use a valid certificate that is valid for every mapped domain there is no problem. I'm really only trying to secure logins and can't acquire a certificate for every mapped domain on the multisite. For some reason with your plug-in and a nonvalid certificate (or least one where the names don't match) previewing posts is broken.

    So basically I'm stuck being unable to use your plug-in. If you have any further advice about how to file bug I would be interested. Otherwise you can close the case I suppose.

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.