Support » Plugins and Hacks » [Plugin: WordPress HTTPS] Setting up Shared SSL

[Plugin: WordPress HTTPS] Setting up Shared SSL

  • My site URL looks like www.regular-domain.com. However, since I’m on a shared server I get a Shared SSL which I get by going to https://servername.webhostname.com/~username/.

    I’ve installed WordPress HTTPS, unchecked every setting except for Shared SSL, and put https://servername.webhostname.com/~username/ in the Shared SSL field. I’ve also put define('FORCE_SSL_ADMIN', true) in my wp-config.php.

    However, when I try going to the login page (e.g. through www.regular-domain.com/wp-login.php I get redirected to https://servername.webhostname.com/~username/~username/wp-login.php and get a 404.

    P.S. Any way to make URLs typed here be not converted into actual links?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Same here.

    For some reason it struggles with the fact that the https URL contains a path.

    I tried creating a symbolic link ~username into the public_html directory pointing to the current directory, i.e. ~username -> .

    What we get then is that it starts a redirect loop, making the url look line https://https.host.com/~username/~username/~username/…/~username/some/local/path/to/file.php

    For some reason it sees the shared ssl host url and thinks it needs to redirect it to the shared host url again, and again, and again, going back and forth with the browser. The latter finally gives up as it detects the redirect loop. Maybe it does not detect properly that the shared ssl host is actually ssl for some reason.

    I added a bit of logging to the plugin using the logging class I found here: http://www.redips.net/php/write-to-log-file/

    Something that struck me is that the is_ssl function does not seem to be entirely reliable.

    I loaded the home page of the blog twice, once as plain http and the second time as https. For both runs, it did not find that the request was https:

    21:33:53 (index)
    21:33:53 (index) *** NEW REQUEST ***
    21:33:53 (index)
    21:33:53 (index) $this->http_url = http://gatorXXXX.hostgator.com
    21:33:53 (index) $this->https_url = https://gatorXXXX.hostgator.com
    21:33:53 (index) Turn on Shared SSL
    21:33:53 (index) $this->https_url = https://gatorXXXX.hostgator.com/~username
    21:33:53 (index) remove redirect_canonical filter
    21:33:53 (index) function is_ssl() :
    21:33:53 (index) $this->shared_ssl = 1
    21:33:53 (index) $this->https_url = https://gatorXXXX.hostgator.com/~username
    21:33:53 (index) $_SERVER[‘HTTP_X_FORWARDED_SERVER’] =
    21:33:53 (index) return is_ssl() = false
    21:34:47 (index)
    21:34:47 (index) *** NEW REQUEST ***
    21:34:47 (index)
    21:34:47 (index) $this->http_url = http://gatorXXXX.hostgator.com
    21:34:47 (index) $this->https_url = https://gatorXXXX.hostgator.com
    21:34:47 (index) Turn on Shared SSL
    21:34:47 (index) $this->https_url = https://gatorXXXX.hostgator.com/~username
    21:34:47 (index) remove redirect_canonical filter
    21:34:48 (index) function is_ssl() :
    21:34:48 (index) $this->shared_ssl = 1
    21:34:48 (index) $this->https_url = https://gatorXXXX.hostgator.com/~username
    21:34:48 (index) $_SERVER[‘HTTP_X_FORWARDED_SERVER’] =
    21:34:48 (index) return is_ssl() = false

    I directly loaded the page as https, thus $_SERVER[‘HTTP_X_FORWARDED_SERVER’] is expected to be empty. Threfore the function reverts to what the wordpress function is_ssl() provides. Unfortunately, this function seems not to see the fact that the request actually was ssl.

    Looking at what is in $REQUEST, it makes some sense as the $REQUEST[‘HTTPS’] header turned out to be empty and the server port was set to 80. It is really strange what is going on here. The request is to https, but for some reason it is seen as http by the receiving server. The browser sees it as https though. All I can think of now is that Hostgator applies some proxy that hides the ssl connection for the receiving server…

    Plugin Author Mike Ems


    This is very common with Shared SSL certificates and proxies. Unfortunately it is impossible (as far as I know) to detect SSL without those global variables being set correctly.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘[Plugin: WordPress HTTPS] Setting up Shared SSL’ is closed to new replies.