Your SSL cert is ‘wrong’ on your server. it’s not a WP issue.
This server could not prove that it is mysite.com its security certificate is from *.mysite.com. This may be caused by a misconfiguration or an attacker intercepting your connection.
Proceed to mapped-domain.com (unsafe)
Notice how that says mysite.com adn then mapped-domain.com? That’s what’s going on. What kind of cert did you buy?
Thread Starter
Andrew
(@snd26)
I bought a wildcard SSL certificate from my host:
http://www.siteground.com/ssl_certificates.htm
The actual name of it on my account says ‘Alpha SSL Certificate’, so I believe it was a resell of this one:
http://www.alphassl.com/ssl-certificates/wildcard-ssl.html
Thread Starter
Andrew
(@snd26)
I have just noticed the same happens on wordpress.com websites after looking at a few sites in their showcase, example:
qz.com – works fine
https://qz.com/ – exact same insecure error as me
That surprised me. so I have three questions about this.
1. If I only make https appear in the admin (by using just the wp-config SSL define) I still don’t know how a user with a mapped domain would login to their admin (which will be https). So for example:
mapped-domain.com – is fine
but when I click on the top toolbar admin link to go to the admin:
https://mapped-domain.com/wp-admin – the https insecure error occurs. So how would the site administrator, for the site above (qz.com) get into their admin: https://qz.com/wp-admin ? I assume it needs to be somehow setup so when a user with a mapped domain goes to their admin, it goes to the original sub domain:
admin: https://site.mysite.com/wp-admin
frontend: mapped-doman.com
how would I do that?
2. But if possible, I would still prefer to keep https everywhere (frontend and admin), by forcing https with htaccess. So is it possible to have https on mapped-domains everywhere?
3. If my second question isn’t possible, would it be possible to set it up how wordpress.com has it for their users sites, so https is everywhere, example:
https://sundoglitblog.wordpress.com/
But all sites with mapped-domains do not have https like the qz.com site above? providing I know the answer to my first question.
Hope all that made sense. Any help super appreciated.
I have just noticed the same happens on wordpress.com websites after looking at a few sites in their showcase, example:
qz.com – works fine
https://qz.com/ – exact same insecure error as me
That’s not an error. It literally means they didn’t get an SSL cert….
Look. Go to https://halfelf.org – same problem right? BUT https://store.halfelf.org/ works (it’ll redirect you to http, but that’s because you have nothing in the cart – https://store.halfelf.org/checkout/ will stay https)
The point is ONLY https://store.halfelf.org/ has the SSL cert so only that will work. That’s what you expect to happen.
You have to buy a cert for each domain. It has nothing to do with WP, that’s how the internet works. You have to buy SSL certs if you want people to use SSL. Or make a self-signed cert.
Thread Starter
Andrew
(@snd26)
That’s understandable, perhaps this question was more appropriate for another forum if it is more of a general internet question – but I was unsure.
“You have to buy a cert for each domain.”
So, (apologise if this seems an obvious question to you) if a user maps a domain, they won’t be able to access the admin/login securely? But this was why I asked if it is possible to force the admin side to use the subdomain instead of the mapped domain so the user will at least benefit from my wildcard cert in the admin. (if that makes sense).
So, (apologise if this seems an obvious question to you) if a user maps a domain, they won’t be able to access the admin/login securely?
Correct
But this was why I asked if it is possible to force the admin side to use the subdomain instead of the mapped domain so the user will at least benefit from my wildcard cert in the admin. (if that makes sense).
I missed that.. YES you can.
Option 1) https://wordpress.org/plugins/wordpress-mu-domain-mapping/ has a specific option for that.
Option 2) … I THINK you can do it if you make the site URL for the sites the subdomain and not the mapped domain
Thread Starter
Andrew
(@snd26)
Thanks Ipstenu, I’ll look into that.
