SSL not working on multisite (except on a sub-site, which is domain mapped)

My WP Multisite is a sub-directory multisite, so I shouldn't need a wildcard DNS to fix this issue. The SSL worked before I migrated the site to a new domain (same host). I got a new SSL for the new domain, and turned off the old domain's SSL (just in case). SSL still not working. Please help! Thank you!

Here are two screenshots on the issue:

https://www.whynopadlock.com/results/fdbac1f2-2e98-413f-a6f8-34d39d6fa09e

https://cdn.discordapp.com/attachments/529410522521534464/529410817905655818/Screenshot_20181231-232926_Chrome.jpg

    • Justin
      • New Recruit

      Hey, exactly how similar is your situation? Perhaps we could make it easier to target the problem.

      Something I am sure of -- I can use a standard htaccess (non-multisite) file, and the SSL works correctly on the site. Of course, this also breaks all of the sub-sites.

      I think it might be related to the htaccess, but I'm not entirely sure.

  • viobru
    • Recruit

    Hi, Justin!

    Thanks for contacting us, hope you are doing great 🙂

    I'm not an expert with SSL certs, but after some research I found this solution on Let's Encrypt forums that was suggested to another person that was getting the same errors as you (SSL_ERROR_BAD_CERT_DOMAIN on Firefox and NET::ERR_CERT_COMMON_NAME_INVALID on Chrome). Please give it a try and let us know if this solved the issue. Looks like the problem is you don’t have the www subdomain set up in your nginx configuration. Add it there and run certbot again (it should ask if you want to reinstall the existing certificate). Have a nice day ahead and Happy New Year!

    Kind regards,
    Violeta

  • viobru
    • Recruit

    Hi, Justin!

    Thanks for informing. As I mentioned during our chat conversation, I pinged my teammates from SLS and asked them if they can take a closer look at this, because I'm not sure how or where to check this. Thanks for your comprehension.

    Have a nice day ahead!

    Kind regards,
    Violeta

  • Konstantinos Xenos
    • Rubber Duck Debugger

    Hi Justin,

    There's a difference between "www." and "non-www" sites. The "www." subdomain needs its own cert as well to be declared when getting an SSL cert from Let's Encrypt if it's not a wildcard one.

    In your site the only path visible is the non-www.

    There should be 2 DNS in there since you're using the www version i.e.:
    DNS Name=speedrunnews.com
    DNS Name=www.speedrunnews.com

    Since you shared the whynopadlock link, I have to mention that it used the wrong URL and that's why you're seeing a "valid ssl". You can see the problem that I'm mentioning by running the www. instead as well at https://www.whynopadlock.com/results/dde30a9b-816f-4f08-877b-e08a0cb098cb

    You'll see that it mentions an SSL error because the protected domain is only the non-www version.

    I'm not really sure how Dreamhost is automating and requesting the certificates from Let's Encrypt but since you're using the www., it should have a certificate on its own as well to be valid.

    This would actually save troubles as well if you wanted to do redirects from non-www to www and vice versa also as both domains should have valid certificates as well for that to work if needed.

    I'd suggest contacting Dreamhost and explaining to them that you're using "www." but your Panel is issuing a non-www only certificate; they might have to change your account panel's records to point to the www version so the cert can be properly issued or add it manually for the www. version as well.

    I hope this clears things up a bit and points to a correct direction 🙂.

    Regards,
    Konstantinos
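
The check described in the reply above (does the certificate's subjectAltName list cover both the bare domain and the www name?) as an added example that is not part of any post in this thread. The SAN lists are constructed samples modelled on the two DNS names quoted above; `fetch_dns_sans` is a hypothetical helper name and needs network access, the rest runs offline.

```python
import socket
import ssl


def fetch_dns_sans(host, port=443, timeout=5.0):
    """Return the DNS subjectAltName entries of the certificate served for host."""
    ctx = ssl.create_default_context()
    # Keep chain validation on, but skip the built-in hostname check so that a
    # certificate with a name mismatch can still be read and reported on.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_matches(pattern, hostname):
    """RFC 6125 style match: '*' may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(hostnames, sans):
    """Return the hostnames that no SAN entry covers (the ones browsers reject)."""
    return [h for h in hostnames if not any(name_matches(s, h) for s in sans)]


# Constructed SAN lists modelled on the thread: apex only, then apex + www.
APEX_ONLY = ["speedrunnews.com"]
APEX_AND_WWW = ["speedrunnews.com", "www.speedrunnews.com"]
SITE_NAMES = ["speedrunnews.com", "www.speedrunnews.com"]

if __name__ == "__main__":
    print("apex-only cert leaves uncovered:", uncovered(SITE_NAMES, APEX_ONLY))
    print("apex+www cert leaves uncovered: ", uncovered(SITE_NAMES, APEX_AND_WWW))
    # A wildcard covers exactly one label and never the bare domain itself.
    print("*.example.test leaves uncovered:",
          uncovered(["example.test", "www.example.test", "a.b.example.test"],
                    ["*.example.test"]))
```

For a live check, pass the result of `fetch_dns_sans("<bare domain>")` as the `sans` argument; a name left in the returned list is one that produces the browser name-mismatch errors quoted earlier in the thread.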
