Problem with Domain Mapping and SSL

We're having a problem with SSL and WooCommerce on a multisite install with the Domain Mapping plugin. When SSL is enabled on the checkout page, the page gets caught in a redirect loop. All was good before we mapped the domain taxpayers.org.au and enabled SSL? Are there recommended debugging steps for this? Have read several posts on the issue but haven't gotten anywhere with them.

  • Bojan Radonic

    Hey there @Mere Agency, hope you're well today!

    Per this thread: https://premium.wpmudev.org/forums/topic/ssl-multisite-sub-domains-and-domain-mapping, this is an ongoing feature request for domain mapping.

    If you want to add a +1 to the thread above, I think we can ensure the dev team has another look at this request and possibly include this in one of the future versions of the plugin.

    Best regards,
    Bojan

  • wp.network

    Hi @Mere Agency

    Using SSL with WPMS - especially with Mapped Domains - can get very complicated very quickly as you seem to be discovering...

    1) Can you post screenshots showing your settings at network>settings>domain mapping as well as a screenshot of the mapped domains tab at that same location, a screenshot of a subsite's Domain Mapping page (admin>tools>domain mapping) would also be good to see... this will likely help WPMUdev Staff diagnose your issue a bit faster...

    1a) also, knowing the domain names in question and your IP address means some of your setup can be easily tested remotely (eg. whatsmydns.net) for common issues...

    2) Can you post your .htaccess file, or at least any portions thereof that are controlling redirects/rewrites to https

    3) I have been working on these issues for the past year and have also read and written many of the threads here (and elsewhere) on the subject and there is a lot of conflicting/outdated info to sift through...

    3a) here is a very recent thread wherein I have provided a great deal of detailed info re. what I have found to work:
    https://premium.wpmudev.org/forums/topic/how-to-setup-ssl-for-mapped-domains

    3b) You will need to adapt the approaches in above thread to scale what I'm doing way back if you're only wanting to use https on certain pages (thread is about doing 100% https networks)... are you already using/planning to use https for login/admin also?

    Hope this can be helpful :slight_smile:

    Cheers, Max

  • Mere Agency

    @PortlandWP - Thanks for this response, and sorry for the delay here. We had some problems logging in, which also seem to be related, but not of as big of a concern...

    1) Can you post screenshots showing your settings at network>settings>domain mapping as well as a screenshot of the mapped domains tab at that same location, a screenshot of a subsite's Domain Mapping page (admin>tools>domain mapping) would also be good to see... this will likely help WPMUdev Staff diagnose your issue a bit faster... Screenshots attached.

    1a) also, knowing the domain names in question and your IP address means some of your setup can be easily tested remotely (eg. whatsmydns.net) for common issues... domain name is http://www.taxypayers.org.au. Network: http://ataw01.taxpayers.org.au/

    2) Can you post your .htaccess file, or at least any portions thereof that are controlling redirects/rewrites to https

    The only part of of the access that deals with redirects/rewrites other than the standard WP is setup by iThemes:

    <IfModule mod_rewrite.c>
    RewriteEngine On

    # Rules to protect wp-includes
    RewriteRule ^wp-admin/includes/ - [F]
    RewriteRule !^wp-includes/ - [S=3]
    RewriteCond %{SCRIPT_FILENAME} !^(.*)wp-includes/ms-files.php
    RewriteRule ^wp-includes/[^/]+\.php$ - [F]
    RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F]
    RewriteRule ^wp-includes/theme-compat/ - [F]

    # Rules to prevent php execution in uploads
    RewriteRule ^(.*)/uploads/(.*).php(.?) - [F]

    # Rules to block unneeded HTTP methods
    RewriteCond %{REQUEST_METHOD} ^(TRACE|DELETE|TRACK) [NC]
    RewriteRule ^(.*)$ - [F]

    # Rules to block suspicious URIs
    RewriteCond %{QUERY_STRING} \.\.\/ [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*\.(bash|git|hg|log|svn|swp|cvs) [NC,OR]
    RewriteCond %{QUERY_STRING} etc/passwd [NC,OR]
    RewriteCond %{QUERY_STRING} boot\.ini [NC,OR]
    RewriteCond %{QUERY_STRING} ftp\: [NC,OR]
    RewriteCond %{QUERY_STRING} http\: [NC,OR]
    RewriteCond %{QUERY_STRING} https\: [NC,OR]
    RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
    RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|%3D) [NC,OR]
    RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(%24&x).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(127\.0).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(globals|encode|localhost|loopback).* [NC,OR]
    RewriteCond %{QUERY_STRING} ^.*(request|concat|insert|union|declare).* [NC]
    RewriteCond %{QUERY_STRING} !^loggedout=true
    RewriteCond %{QUERY_STRING} !^action=jetpack-sso
    RewriteCond %{QUERY_STRING} !^action=rp
    RewriteCond %{HTTP_COOKIE} !^.*wordpress_logged_in_.*$
    RewriteCond %{HTTP_REFERER} !^http://maps\.googleapis\.com(.*)$
    RewriteRule ^(.*)$ - [F]

    # Rules to block foreign characters in URLs
    RewriteCond %{QUERY_STRING} ^.*(%0|%A|%B|%C|%D|%E|%F).* [NC]
    RewriteRule ^(.*)$ - [F]

    # Rules to help reduce spam
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} ^(.*)wp-comments-post\.php*
    RewriteCond %{HTTP_REFERER} !^(.*)org.au.*
    RewriteCond %{HTTP_REFERER} !^http://jetpack\.wordpress\.com/jetpack-comment/ [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^(.*)$ - [F]
    </IfModule>

    3) I have been working on these issues for the past year and have also read and written many of the threads here (and elsewhere) on the subject and there is a lot of conflicting/outdated info to sift through... Thanks for that thread. Haven't seen that one yet so will start working on it now. :slight_smile:

    3a) here is a very recent thread wherein I have provided a great deal of detailed info re. what I have found to work:
    https://premium.wpmudev.org/forums/topic/how-to-setup-ssl-for-mapped-domains

    3b) You will need to adapt the approaches in above thread to scale what I'm doing way back if you're only wanting to use https on certain pages (thread is about doing 100% https networks)... are you already using/planning to use https for login/admin also? We'd definitely be okay going https completely, but only one this particular site.

    • wp.network

      @Mere Agency

      1) your screenshot of your network>settings>domain mapping>mapped domains tab ...the first entry (for site ID 3) looks really weird to me!!!

      2) answer the following individually please:
      2a) what is your primary network address?
      2b) what is the original network address of the subsite in question?
      2c) what is the mapped address of the subsite in question?

      2d) if http://ataw01.taxpayers.org.au/ is actually your network primary (as your above comment seems to say and screenshots seem to confirm - aside from issue #1 above) then this is a non-standard configuration, fyi. Best practice w/ WPMS using subdomains is to have primary at a domain, not a subdomain (though at least you're not trying to use 'www')... food for thought :slight_smile:

      3) you say above

      When SSL is enabled on the checkout page...

      How did you try to 'enable SSL' on the checkout page? A Woo setting (I've never worked w/ Woo)?

      4) btw, what is the url of the checkout page?

      5) what kind of SSL cert do you have?

      Cheers, Max

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.