Support » Networking WordPress » Best practices for SSL for networked sites?

  • I’m trying to figure out the proper settings to enable SSL on all networked sites, including the main site. My host offers a ‘Let’s Encrypt’ ssl certificate that will cover the main domain and all parked domains.

    The networked sites are all subdomains mapped to domains. I assume that I don’t need to have the subdomains protected (otherwise I’d need a Wilcard SSL that does not cover the parked domains).

    And how do we handle insecure content? Because all the networked sites are subdomains so images are loaded from http://subdomain.mainsite.com.

    Are there any good resources for this so I’m not shooting in the dark for the next week?

    • This topic was modified 2 years, 5 months ago by echoleaf.
Viewing 14 replies - 1 through 14 (of 14 total)
  • > The networked sites are all subdomains mapped to domains.
    How did you map the subdomains to domains? In our WP systems, the media are using the domain urls. We use the WP MU Domain Mapping plugin or update the siteurl to map subdirectory/subdomains to domains – https://wordpress.org/plugins/wordpress-mu-domain-mapping/

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    I’m trying to figure out the proper settings to enable SSL on all networked sites, including the main site. My host offers a ‘Let’s Encrypt’ ssl certificate that will cover the main domain and all parked domains.

    Let’s Encrypt is great but it does not support wildcard certs. That means for each subdomain.mainsite.com you need a separate VHOST and Let’s Encrypt cert for each one.

    You could have one VHOST with multiple servernames but you still need a single Let’s Encrypt cert for each one. This is what I do today with multisite and Let’s Encrypt.

    @jkhongusc Yes, I use the ‘WordPress MU Domain Mapping’ plugin.

    @jdembowski I’d have to ask my host if it would let me create a LE cert for each subdomain (it allows for each actual domain but not subdomains afaik).

    If I could figure out how to get the http://subdomain.mainsite.com resources on each site to not be flagged as insecure that would ideal.

    > If I could figure out how to get the http://subdomain.mainsite.com resources on each site to not be flagged as insecure that would ideal.

    We use have a WP subdomain and another subdirectory system. If we map the subsite to a domain, the media urls immediately use the domain url. Are your media url still using the subsite url even after mapping it to a new domain. Did you update the siteurl too?

    @jdembowski I was able to create a cert with several server names in one single certificate from letsencrypt, but I got them manually, via https://www.sslforfree.com/ or zerossl…

    Moderator Jan Dembowski

    (@jdembowski)

    Forum Moderator and Brute Squad

    Yep, that’s how my Let’s Encrypt is setup too using alternative names. I missed that step. 😉

    For a small network of sites I think that’s fine but if you have more than 20 or so then it may get cumbersome managing that one cert. Having multiple certs is more work but may be easier to organize.

    @jkhongusc All uploaded media (ie images) are using the subsite url. Is there a setting that I may have missed?

    > @jkhongusc All uploaded media (ie images) are using the subsite url. Is there a setting that I may have missed?

    When I initially create the subsite, the url is domain.com/subsite1. I can change the subsite url two ways:
    1) Adding domain by editing the Siteurl in the Network -> Edit Site.
    2) Adding the domain via Domain Mapping plugin. When I add Domain maps, I set the new domain as the primary. Also the Domain Mapping configuration ‘Disable primary domain check. Sites will not redirect to one domain name. May cause duplicate content issues.’ is unchecked.

    Doing either above immediately updates all my media urls. Other plugins can interfer with it.

    My multisite is setup to use subdomains instead of subfolders. So when I go to Network Admin > All sites > (sitename) > edit site, this is what I have set for “Site Address (URL)”:

    sitename.mainsite.com

    I can safely change that to the mapped domain instead (ie sitename.com)? I just tried that on one of the networked sites and the images on the site are still being loaded from sitename.mainsite.com.

    • This reply was modified 2 years, 5 months ago by echoleaf.

    > I can safely change that to the mapped domain instead (ie sitename.com)?
    Yes. We have WP subdomain systems too. Our subsites are initially subsite1.www.domain.com, which we then change to subsite1.domain.com via Site Address or siteurl.

    I recommend testing it on a test domain first since you have never done it before. But one you change the siteurl, all your media urls should reflect the new setting

    I don’t think this works. I went to to Network Admin > All sites > (sitename) > edit site and changed

    sitename.mainsite.com

    to

    sitename.com

    Images are still being loaded from sitename.mainsite.com. I opened one image in a browser tab, with the url http://sitename.mainsite.com/wp-content/uploads/sites/3/2015/05/SiteBanner.jpg and went looking for it in the FTP and see that it’s located in /wp-content/uploads/sites/3/2015/05

    I’m guessing that there’s a setting or config somewhere that is forcing the use of the subdomains for uploads? What are my options for disabling it? At least if the image was loaded from http://mainsite.com/wp-content/uploads/sites/3/2015/05/SiteBanner.jpg it would be secured by SSL and the issue would resolved.

    SOL I am, it seems. Gotta export the subsite into a single, non-multisite WP install then.

    You must have something blocking (e.g. plugin or configuration). When I go to the Network menu; and edit the Site Address (URL) for the subsite. When I go to the subsite dashboard -> Media Library -> all the media urls reflect the new url.

    I did this on two of my dev systems (one really old and one new). Both changed media urls when the Site Address was updated.

    If your images urls are hard-coded in your content… then that is a different issue.

    Doh – the test subsite had a slider with a hardcoded image urls. Looks like this should work, now to try it on the site that I really need to secure. Thanks for mentioning that!

Viewing 14 replies - 1 through 14 (of 14 total)
  • The topic ‘Best practices for SSL for networked sites?’ is closed to new replies.