Multisite SSL Help?

  • Hey all, Im hoping someone can help me with a odd issue im having

    Currently I have a multisite set up on my domain
    example.com
    site1.example.com
    site2.example.com and so on

    I have a few users who can login to the site to write articles and so on which is working wonderfully, but this is where it gets interesting

    I have a SSL cert for the root domain, example.com
    I can easily set up wordpress to use https to login and that works fine.
    However the cert I got was only for the root domain and not for any of the subdomains for the following reason

    When a user logs into the site, no matter what subdomain they are on, I have htaccess set up to redirect them to the root domain to login,
    I have also set up a plugin to hide the wp-admin page and only /login will give you a login prompt

    Here is where my problem is

    If I enable SSL for the main site it works fine until I change to a subdomain site
    There I either get a SSL warning (as the HTTPS doesnt recognise a valid cert)
    or I get a page not found warning, because of my disabled wp-admin

    I have a feeling the following is happening but im not sure how to fix it
    I think when you login to the main site using SSL it creates the cookie based of the SSL and makes you use the HTTPS site.
    so when you go to a non https admin page it doesnt see you as logged in and gives you the error

    So what im asking after all of these issues is this

    Can I redirect my users to the main site to login using SSL
    When they have logged in it redirects them to a non secure site so that they can travel between the subdomains without getting SSL warnings.

    I hope this all makes sense, (It kind of does in my head but no idea if its come across)

    Thanks in advance
    PomTom

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hey PomTom,

    I’ll try to help here.

    My suspicion is that WP is not automatically redirecting you to the HTTP subdomain, meaning, it’s not doing a good job of switching between HTTPS and HTTP, when switching sites.

    A few things you can try:

    1. Optimally, I’d say encrypt everything – run it all under HTTPS. For some, this is tough because of the extra cost of multiple certs or wildcard certs. Since LetsEncrypt.org launched and is offering free SSL certs, you could look into this and see if your host would support it. If so, you can install certs for your subdomains and run everything securely.
    2. If #1 isn’t feasible, you could look at a plugin solution like WordPress HTTPS, which gives you some more controls regarding HTTPS within the WP Admin, including forcing SSL or non-SSL sessions.
    3. Look at your host’s control panel (cPanel, Plesk, or whatever they offer) to see if you can setup server-side redirects to redirect users depending on the URL or URL patterns they’re visiting.

    I hope that makes sense and good luck!

    Eric

    Thread Starter pomtom44

    (@pomtom44)

    Hey Eric ??
    Thanks for the quick reply

    I was hoping to avoid having to run multiple certs as you said cost and just having to manage multiple ones, but if thats the only/best option I may have to look into it

    I am hosting everything on a VPS so any config will be done manually rather than cPanel,

    I should also check if it is even possible to do a SSL login but after that go to normal http admin panel, because if that doesnt work at all ill have to go down the secure everything route

    Hey PomTom,

    Check that WordPress HTTPS plugin I linked to earlier – it can help you force users to be redirected to the non-HTTPS url unless you explicitly mark a page as SSL.

    I hope that helps!

    Cheers!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Multisite SSL Help?’ is closed to new replies.

Tags