SSL HTTPS wildcard certificate on Multisite with new updated Domain Mapping plugin?

Okay. I just had my VPS provider install a Comodo Wildcard cert on my VPS. It covers the main site (domain) and all sub-sites (sub-domains). If I use the newly updated Domain Mapping plugin, do I still need to change my wp-config.ini file and .htaccess file as described here: https://premium.wpmudev.org/blog/ssl-https-wordpress/ ???

I get nothing but errors and redirects using those instructions. I've read several posts with various versions of code for config and htaccess files and get more and more errors. Isn't the newly updated Domain Mapping Plugin supposed to take away all this confusion? Help!!

Could I impose on someone to give me a step by step outline to access a wildcard cert on a multisite using the domain mapping plugin with several domains mapped to several sub-domains (sub-sites)? Some sub-sites will want to use SSL, some will not.

I also have a few questions:
1. Can I use Parking or Add-on to make a mapped domain to a sub-domain appear to be under the SSL?
2. Even for login? (https://sub-domain.maindomain.com/wp-admin as http(s)://mappeddomain.com/wp-admin.)
3. If not Parking or Add-on, can I direct a mapped domain page to resolve to its sub-domain page that is under the SSL? (http://mappeddomain.com/page to https://sub-domain.maindomain.com/sslpage)
4. Will adding the Multi-Domain Plugin create new problems?

Thank you!
Chuck S.

  • Tyler Postle

    Hey Chuck,

    Hope you're doing well today!

    Isn't the newly updated Domain Mapping Plugin supposed to take away all this confusion?

    Are you referring to the forcing of SSL? Then yes :slight_smile: in-fact, DM has been able to control that for a few versions now. You can remove any added code that you entered while following the blog post there.

    Could I impose on someone to give me a step by step outline to access a wildcard cert on a multisite using the domain mapping plugin with several domains mapped to several sub-domains (sub-sites)? Some sub-sites will want to use SSL, some will not.

    Long as the SSL cert is installed correctly, then you can force SSL on all the original domains via:

    Network admin > Settings > Domain Mapping.

    Then scroll down to "would youlike to force http/https in front-end pages" and select "Force https".

    However, we will run into an issue here as you don't want all of them to be forced to https. So with that said, it might be easier to set this option to "No" so no forcing of any kind happens, then install this plugin: https://wordpress.org/plugins/wordpress-https/

    That one should allow you to force on a per site basis :slight_smile: just make sure you set the domain mapping forcing options to "No" otherwise you will likely get redirect errors.

    1. Can I use Parking or Add-on to make a mapped domain to a sub-domain appear to be under the SSL?

    2. Even for login? (https://sub-domain.maindomain.com/wp-admin as http(s)://mappeddomain.com/wp-admin.)

    You want to force https on a mapped domain? This isn't possible as the wildcard SSL will only cover the subdomains and main domain. So you would get security errors if you tried to do this; however, the recent DM update includes a very handy feature that lets you exclude pages from mapping". This is super useful for store checkouts, because your original domain will be https but the mapped one won't. So now on checkout pages you can exclude the mapping and force the orginal ssl domain.

    As for logins, for those to be https you will need to select "Original domain" in the domain mapping settings under the "login mapping" option.

    3. If not Parking or Add-on, can I direct a mapped domain page to resolve to its sub-domain page that is under the SSL? (http://mappeddomain.com/page to https://sub-domain.maindomain.com/sslpage)

    Sure can :slight_smile: as mentioned above. To do this, go to the domain mapped sites dashboard then:

    Tools > Domain Mapping.

    You will see a new "Excluded Pages" grid. Screenshot attached.

    4. Will adding the Multi-Domain Plugin create new problems?

    Only the primary domain that you have an SSL cert for will work with https. You can still use Multi-Domains, just not force https on the other domains you use.

    Hope this helps! Let us know if you have any further questions.

    All the best,
    Tyler

  • ChuckS

    @Tyler,
    You are absolutely awesome! You don't know how much you just saved me. Also, I was wondering about using the WordPress-https Plugin. Thanks!

    Now that I have a basis to start from I will now experiment on some of the nuances. Just please confirm one thing:
    "You can remove any added code that you entered while following the blog post there." I do not need to make any changes to my original wp-config and htaccess files. Right?

    One more question if I could be so bold. I want to have companies on two sub-domains and use the Multi-Domain plugin with mapped domains so clients can choose which domain they want their subsite on. For SSL on those mapped domains and their sub-domains (different from the mainsite domain), would I have to purchase two more Wildcard Certs or just two Domain certs? Is there a way (Parking or Add-on, etc.) to take advantage of the original Wildcard Cert on the mainsite domain?

    Thank you!
    Chuck S.

  • wp.network

    Only the primary domain that you have an SSL cert for will work with https. You can still use Multi-Domains, just not force https on the other domains you use.

    @Tyler Postle what if using SNI w/ SSL certs for all domains, will Multi-Domains work with HTTPS forced for all domains?

    would I have to purchase two more Wildcard Certs or just two Domain certs? Is there a way (Parking or Add-on, etc.) to take advantage of the original Wildcard Cert on the mainsite domain?

    @ChuckS you'd either need to be using a majorly expensive UCC cert or SNI on your server to install separate SSL certificates per domain, or you could try just using CloudFlare to provide 'frontend' certificates using their own SNI-based technology :slight_smile:

    Aloha, Max

  • Tyler Postle

    Hey Chuck and Max,

    Apologies for such a delay here!

    I do not need to make any changes to my original wp-config and htaccess files. Right?

    You will still need to add the define to the wp-config.php:

    define( 'SUNRISE', 'on' );

    That is it though :slight_smile:

    and looks like Max answered your second question there, thanks for chiming in Max!

    @Tyler Postle what if using SNI w/ SSL certs for all domains, will Multi-Domains work with HTTPS forced for all domains?

    I don't have much experience with SNI; not the best person to answer the question. It looks like it could be do-able though. Since it's been awhile, I'm wondering if you have already figured this out - would be interesting to know.

    Enjoy your weekend!

    Cheers,
    Tyler

  • wp.network

    @Tyler Postle @ChuckS

    regarding https domain mapping w/ mapped domains and use with multi-domains

    I have documented some bugs with current domain mapping and mention multi-domains here
    https://premium.wpmudev.org/forums/topic/domain-mapping-bug-4033-breaks-https-permalinks-causes-mixed-content#post-837954

    In developing that thread, I connected w/ a few other community members who are working on resolving similar issues, specifically @Axel who had a thread going specifically on the multi-domains angle at https://premium.wpmudev.org/forums/topic/multi-domains-domain-mapping-cloudflare-https

    Mostly, it seems these configurations are possible (SNI, for instance, is a proven technology at this point) yet plugins need to be updated in some areas before such use cases will work well ...(or at least easily).

    Kind Regards, Max

  • Tyler Postle

    Hey Max,

    Sorry for being late getting back here. I see it looks like Jose has sorted out the issues you were facing here? https://premium.wpmudev.org/forums/topic/domain-mapping-bug-4033-breaks-https-permalinks-causes-mixed-content#post-855799

    Awesome :slight_smile: there are some outstanding bugs with Multi-domain and Domain Mapping integration that Sam is working on. He is currently away for another week or so, which is why you haven't heard too much from him lately.

    Cheers,
    Tyler

    PS. I just want to mention Max that your testing and contributions to Domain Mapping is definitely appreciated! You have really helped push it forward :slight_smile:

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.