Because of the move to HTTPS on our main WPMS install, all the custom domains (15-20) are now throwing “OHMYGODTHEYARESTEALINGYOURDATAS!!!” errors in Chrome. I don’t control any of those domains (which I guess doesn’t matter but seems to complicate things) and it’s in NGINX.
I’m just looking for any bulk/speed tips to get this done.
Hmmm, I think right now the directive is the nginx version of “SSL ALL THE THINGS” where what we probably want is “SSL ALL THE THINGS THAT START WITH rampages.us”. Let me see what that should look like. Wanna throw me a link or two here or in a PM to test?
Actually after looking at the config and trying a few of the custom domains I think the server is set up to let them run off HTTP. I think browsers these days do remember though if you tried a site with https first so you may want to clear your cache. I tried a few and they loaded for me just fine. From reading up on this it’s a difficult issue if they hit https first because the server has no way to redirect without that SSL negotiation happening (so basically the user has to get an error that they accept in order for the server to then do anything with their request). But I don’t think the server is currently forcing them to use SSL. What would really be cool is some way for Let’s Encrypt to read the custom domain information and provision certs for them, but that probably gets really tricky with this setup.
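The scoping described above ("SSL all the things that start with rampages.us"), as an added nginx sketch that is not the server's actual config and not code posted in the thread. It assumes a certificate that covers rampages.us and its subdomains; the certificate paths and the included snippet file are hypothetical placeholders.

```nginx
# Added example. Only rampages.us comes from the thread; paths and the
# included snippet name are hypothetical placeholders.

# Port 80, network hosts: the certificate covers these names, so redirect.
server {
    listen 80;
    server_name rampages.us *.rampages.us;
    return 301 https://$host$request_uri;
}

# Port 80, every other Host header (the mapped custom domains):
# no redirect, because no certificate on this server matches those names.
server {
    listen 80 default_server;
    server_name _;
    include snippets/wordpress-multisite.conf;   # hypothetical shared WordPress rules
}

# Port 443, network hosts only.
server {
    listen 443 ssl;
    server_name rampages.us *.rampages.us;

    ssl_certificate     /etc/ssl/example/rampages.us.fullchain.pem;  # placeholder
    ssl_certificate_key /etc/ssl/example/rampages.us.key;            # placeholder

    include snippets/wordpress-multisite.conf;   # hypothetical shared WordPress rules
}

# A request for a custom domain that arrives on 443 is still answered with the
# rampages.us certificate, and the name mismatch is reported during the TLS
# handshake, before nginx sees the request. No rewrite or return directive can
# run ahead of that, so any https:// link to a mapped domain must be fixed
# where the link is generated (or the domain needs its own certificate).
```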
Agreed, it’s not forcing it, it can run on http etc.
What’s strange is that it seems to occasionally want to require https (maybe based on some cross-association with rampages?). The users who are emailing me aren’t the type to be typing in https. That’s what’s puzzling me. It’s also possible that you’ve already changed stuff and I’m trying to duplicate old behavior.
I’ll send you a few URLs.
Haven’t changed anything yet. Maybe it has something to do with the move between rampages.us and their own Dashboard or something like that. A link within the My Sites area or something like that.
This is definitely what is happening. When logged into the rampages.us dashboard any link to the dashboard of a subsite is defaulting to https regardless of the domain. I imagine your users are accustomed to logging in from the homepage and then navigating to the dashboard of their blog(s) and that’s when they get hit with the cert error. I’ll have to think through potential alternatives, though it’s not clear why WordPress is doing that.
That makes perfect sense. Brilliant detective work.
Now we just have to figure out how to fix it.
Yeah. I’m debating. I bet we could run a filter on that list and maybe override the https designation with some modification of this but looping through domains instead . . .
Does the domain mapping plugin store the list of custom domains anywhere easily retrieved?
No idea at the moment.
This is not super priority for me but it’ll get to be one sooner or later.