Question about domain mapping and multisite SSL

Hello,

I'm running a subdomain-based multi-site network with domain mapping and SSL. I have wildcard SSL working so all the subdomains work with the wildcard SSL. I have logins and admin sections forcing SSL, so they all use the subdomains instead of the mapped domains. I also have the Marketpress cart page and checkout forcing SSL, so those are excluded from domain mapping. That all works properly.

However, sometimes the system wants to present a mapped domain as https. An example of this is using the Divi page builder preview on a domain-mapped site. I NEVER want the mapped domains to use https, in order to avoid making the users get their own SSL certificates. Is there a way to say that whenever you use the mapped domain, force http and not https? I am OK with coding my own solution and using your filters, but in that case just point me to the proper filter to use.

I tried forcing the front-end pages to use http instead of https, but then when you try to go to the cart (where there are settings to force https and exclude mapping) it ends up in a redirect loop. Therefore, I suspect that forcing http on the front-end is NOT going to be the solution I'm looking for. As always, I appreciate your help! :)

Best,
Dave
PS--I discovered the dm_prevent_redirection_for_ssl hook, but it appears to not be called from where I need it to. Specifically, if you're in the Divi builder and you click the eyeball preview icon, it's using the mapped domain, prepending https, and then the browser complains that the SSL cert doesn't match the server name, because the mapped domain doesn't have a cert, only the wildcard for the network.

  • Nastia

    Hello David Thibault

    I hope you are doing well today!

    "sometimes the system wants to present a mapped domain as https."

    The mapped domain should not load HTTPS by itself. Only when it's mapped with HTTPS protocol.

    Would you please make sure that the domains are mapped with HTTP protocol, and not with HTTPS.

    Is there any other way (except Domain Mapping) that you are forcing HTTPS to your site? Through .htaccess or via custom NGINX rewrite rules.

    If not, would you please grant access from WPMU DEV > Support so I can have a closer look?

    Please advise,

    Cheers,
    Nastia

  • Kenneth

    Hello David.

    I am getting grey hair from trying to solve the SSL issue on my multisite.
    Can you help me with this?
    Where did you get a multisite SSL?
    I need to provide my clients with SSL for their checkout (using Stripe) and this really gives me a headache!

    I can see others have similar problems, so if you could help us all in the community here, it would be much appreciated.

    BR
    Kenneth

  • David Thibault

    I used SSL.com's wildcard certificate here:
    https://www.ssl.com/ssl-wildcard-certificates/

    I finally did get multisite SSL with domain mapping and marketpress working.

    If you don't want domain mapping as well, it all works easily. If you do want domain mapping, then the crux of it is getting the shopping cart to work across domains. This is because, by design, cookies are not designed to work across different websites for security. If you control both sites, though, then security is not an issue. The way I got around it was to edit the marketpress code (unfortunately) to use memcached to store the shopping cart instead of cookies.

    Best,
    Dave

  • Kenneth

    After I wrote my comment I found a wildcard SSL, and installed it, and it works fine.

    I don't use Marketpress, I use WooCommerce as my webshop solution. I now have another problem: When I exclude a page to make it use the SSL, then after that, the domain stays with the subdomain, and does not resolve with the mapped domain.

    I have not tested with shopping cart yet
    I imagine only the checkout page needs to be ssl?

    Best
    Kenneth

  • David Thibault

    I had it exclude the pages for my cart, checkout page, and order page from domain mapping so they'd be served via SSL.

    If you want SSL for the mapped domains, you have to pay for an SSL certificate for each mapped domain. For example, if your site network is sitenetwork.com your wildcard would apply to subsite1.sitenetwork.com, subsite2.sitenetwork.com, etc. It would not apply to http://www.customer1.com that is domain mapped to subsite1.sitenetwork.com. In that case if you went to https://www.customer1.com it would give you an SSL error where the URL didn't match the domain in the SSL certificate.

    Hence the crux of the issue I mentioned above. You'll have to exclude cart, checkout, etc from mapping. Then when they add something to their cart, and they're on http://www.customer1.com, it says they have 1 item in their cart. Then they try to go to /cart, they'll go to httpS://subsite1.sitenetwork.com/cart. Now that they've switched host names in the URL, any cookies set on http://www.customer1.com won't be used by subsite1.sitenetwork.com if you're using cookies (this is a browser security feature in all browsers). Therefore, they'll suddenly be told there's nothing in their cart.

    You'll have to figure out how to make WooCommerce use a server-side mechanism (like memcached or mysql) to store the cart info instead of using client-side cookies.

    Best,
    Dave
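
Added example, not part of the posts above and not code from Domain Mapping, MarketPress or WooCommerce: a small check of the two browser rules the last reply relies on, wildcard certificate name matching and cookie host scoping, run against the hostnames used in the thread. The cookie names and attributes are constructed for illustration, and cookie path matching is left out.

```javascript
// Hostnames come from the thread; cookie objects are constructed samples.

// Wildcard certificate name check: "*" stands for exactly one left-most label.
function certCoversHost(pattern, host) {
  const p = pattern.toLowerCase().split(".");
  const h = host.toLowerCase().split(".");
  if (p.length !== h.length) return false;
  return p.every((label, i) => (i === 0 && label === "*") || label === h[i]);
}

// RFC 6265 domain-match, plus the host-only and Secure rules (path match omitted).
function cookieIsSent(cookie, requestUrl) {
  const url = new URL(requestUrl);
  const host = url.hostname.toLowerCase();
  const domain = cookie.domain.toLowerCase();
  const domainMatch = cookie.hostOnly
    ? host === domain
    : host === domain || host.endsWith("." + domain);
  const schemeOk = !cookie.secure || url.protocol === "https:";
  return domainMatch && schemeOk;
}

// Constructed: cart cookie set while browsing the mapped domain over HTTP.
const cartCookie = { name: "cart", domain: "www.customer1.com", hostOnly: true, secure: false };
// Constructed: a cookie the network sets with Domain=sitenetwork.com and Secure.
const networkCookie = { name: "session", domain: "sitenetwork.com", hostOnly: false, secure: true };

function report() {
  return {
    certSubsite: certCoversHost("*.sitenetwork.com", "subsite1.sitenetwork.com"),
    certMapped: certCoversHost("*.sitenetwork.com", "www.customer1.com"),
    cartOnMapped: cookieIsSent(cartCookie, "http://www.customer1.com/cart"),
    cartOnSubsite: cookieIsSent(cartCookie, "https://subsite1.sitenetwork.com/cart"),
    sessionOnSubsite: cookieIsSent(networkCookie, "https://subsite1.sitenetwork.com/cart"),
    sessionOnMapped: cookieIsSent(networkCookie, "http://www.customer1.com/"),
  };
}

console.log(report());
```

Neither cookie crosses between the mapped domain and the network subdomain, which is why cart state has to be looked up server-side once the visitor lands on the HTTPS cart page.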
