To start with, I made a mistake and assumed, bad me, that the Terms of Service that let me collect donations for my ebooks would similarly be okay with collecting payments for said ebooks. Alas, no. “Digital goods including digital currency” are not permitted, and that was my bad. It resulted in me losing my entire account and having to fight to get my customers their money back.

Meanwhile I decided to get started on making an easy way for people to pay and stay on my site (like Stripe), and this, no matter what, means I need to have SSL.

Normally that’s not too much of a problem, but my store happens to be a subdomain of a mapped domain on a multisite. My WordPress install is at ipstenu.org. This site is actually tech.ipstenu.org, and my store (store.halfelf.org) is actually hshop.ipstenu.org (stands for HalfElf Shop…). I used domain mapping to point halfelf.org to tech.ipstenu.org, and store.halfelf.org to hshop.ipstenu.org. While I could just edit the site and home URL in the ‘Edit Site’ page, domain mapping is needed in order to tell WordPress that the domain is really a thing.

Setting all that up was the easy stuff, though. The SSL part was something I’ve poked at before and given up, since multiple domains and one SSL cert is a pain in the ass. But today, if you go to the Half-Elf Warehouse, you’ll see it’s all SSL! (NB: It was. It’s now only SSL on pages that need SSL, to allow for better caching.)

You will need….

SSL Certs

This is the easy part. You need an SSL certificate for the domain you need to protect. If this is the only domain you want to add this on to, it’s relatively easy. If you need to add SSL on to multiple domains, check with your webhost.

I actually have multiple SSL certs. The problem with multiple SSL certs is that a wildcard one for subdomains costs around $300 (this is on Comodo), and I have three domains I need to protect on one server… Oh. Wait, wasn’t this a problem before? As it happens, I’ve got SNI on my Apache instance now, so that was fixed. I picked up a cert for store.halfelf.org and set it up, done. Except…

Add-on Domain

Why this? Well it’s funny. I used to always tell people ‘Use Parked Domains, it’s way easier’ and this is still true, it just has a caveat of ‘unless you’re trying to use SSL.’ Now that I am, I hit a sticking point where a parked domain cannot have its own SSL cert, but an add-on domain can. This was a simple fix. I deleted the parked domain and flipped it to an add-on domain. Then I added the certificate in for my site and now I have https on ipstenu.org and store.halfelf.org but not halfelf.org. Why? Because halfelf.org and store.halfelf.org are separate add-on domains. Had I bought a wildcard cert for halfelf.org, I could have made halfelf an addon, and store.halfelf a parked domain on top of halfelf, but this works too.

The other option, of course, is a multi-domain cert, which is too much money for my tastes, and I don’t need it all the time. I have SNI, which makes this so super easy for me, it’s silly. Just add the cert for the domain and have a party.

WP-Config

But today I only want to force one of my mapped domains to be SSL:

if ( $_SERVER["HTTP_HOST"] == "store.halfelf.org" ) {
    define('FORCE_SSL_ADMIN', true);
    define('FORCE_SSL_LOGIN', true);
}

No, that was it. If it’s two domains, it’s this:

if ( $_SERVER["HTTP_HOST"] == "store.halfelf.org" ) { ...}

if ( $_SERVER["HTTP_HOST"] == "ipstenu.org" ) { ...}

and so on and so forth. Why not use an OR check? Because it failed miserably when I did that. I suspect it’s due to ipstenu.org being my main domain, but I was tired and stopped here.

.htaccess

Okay, now I want my domain to default to SSL when people visit too!

RewriteCond %{HTTP_HOST} ^store\.halfelf\.org
RewriteCond %{SERVER_PORT} !443
RewriteRule ^(.*)$ https://store.halfelf.org/$1 [R,L]

That was easy.

WordPress SSL

What about making everything on my page load SSLish? Install and activate? That was it? Oh. Okay.

Verify!

https://store.halfelf.org

Hey! Looks good! Actually I’d had a problem when I first ran this.

Chrome's Warning for SSL

Yeah, that little yellow triangle. What the heck did it mean? I trotted off to Why No Padlock? and got an error:

SSL verification issue (Possibly mis-matched URL or bad intermediate cert.). Details:
ERROR: no certificate subject alternative name matches

That didn’t help me at all, so I viewed page source and looked for http://store and didn’t find anything. Then I looked at the console and saw that it had an error on some JS:

//<![CDATA[
var utilityL10n={"src":"http:\/\/store.halfelf.org\/wp-content\/uploads\/sites\/26\/2013\/12\/jpeg.jpg"};
//]]>

That happens to be my background image. So I went and removed the background image, re-added it, and the error went away!
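
Searching the page source for http://store misses this URL because inline script data escapes the slashes as http:\/\/. The following is an added example (not from the original post) that scans a page for insecure subresources in both forms; the function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# http:// in plain form or JSON-escaped as http:\/\/ (as in the inline script above).
INSECURE_URL = re.compile(r'http:(?://|\\/\\/)[^\s"\'<>)]+')

class MixedContentScanner(HTMLParser):
    """Collect http:// subresources referenced by a page meant to load over https."""
    def __init__(self):
        super().__init__()
        self.findings = []     # (where, url) tuples
        self._inline = None    # "script" or "style" while inside that element

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "style"):
            self._inline = tag
        # src= fetches a subresource; href counts only on <link rel="stylesheet">, not <a>.
        url = attrs.get("src")
        if url is None and tag == "link" and "stylesheet" in (attrs.get("rel") or ""):
            url = attrs.get("href")
        if url and url.lower().startswith("http://"):
            self.findings.append((f"<{tag}> attribute", url))

    def handle_endtag(self, tag):
        if tag == self._inline:
            self._inline = None

    def handle_data(self, data):
        if self._inline:   # only script/style bodies, not visible page text
            for hit in INSECURE_URL.findall(data):
                self.findings.append((f"inline <{self._inline}>", hit.replace("\\/", "/")))

def find_mixed_content(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample page; only the utilityL10n line is taken from the post.
SAMPLE = r'''<link rel="stylesheet" href="https://store.halfelf.org/style.css">
<script>//<![CDATA[
var utilityL10n={"src":"http:\/\/store.halfelf.org\/wp-content\/uploads\/sites\/26\/2013\/12\/jpeg.jpg"};
//]]></script>
<a href="http://halfelf.org/">blog</a>
<img src="http://store.halfelf.org/wp-content/uploads/example.png">'''

for where, url in find_mixed_content(SAMPLE):
    print(f"{where}: {url}")
```

The plain link to http://halfelf.org/ is not reported, since navigation links do not trigger the mixed-content warning; the escaped background image URL and the image tag are.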

Moral?

Always read the ToS.

Comments

  1. Hey Mika,

    Thanks for this! I’m a little stuck with my setup, maybe you can help?

    My main domain on my network is nwtd.co. My network is set up as sub-directory. I’m using the WordPress HTTPS plugin and all is good there. My entire domain is nwtd.co.

    In cPanel, I have all the mapped domains set as parked domains. There’s no issue there and all works fine.

    I do have one mapped domain that is asking for an SSL: pactems.org. I have changed this domain from a parked domain to an add-on domain. I have installed the certificate on the server. All seems good there.

    The problem is that when I try going to https://pactems.org, I get a certificate mis-match error. For some reason, the SSL for my main domain, nwtd.co, is coming through for pactems.org. Any idea where I went wrong?

    • @Chip: The SSL looks fine to me right now. It’s probably somewhere in cpanel/whm that you have things crosswired. That is, the wrong cert is set up on the add-on domain. I had this issue, since the cert for ipstenu.org (yes, it has one) is NOT the default! The one for my admin side of the server IS. So it was trying to use secret.ipstenu.org (not the real URL) on ipstenu.org. I had to go in and for the add-on, forcibly say “Use this cert” via cpanel.
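
The mismatch discussed in these comments, and the per-domain versus wildcard choice from the Add-on Domain section, modelled as an added example (not code from the post, cPanel or Apache). The SAN lists are constructed, the server is reduced to "the cert assigned to that domain, else the default", and the wildcard cert is assumed to also list the bare halfelf.org.

```python
def san_matches(hostname, san):
    """True if one dNSName entry covers hostname; "*" is one whole left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False                     # a wildcard never spans several labels
    if pattern[0] == "*":
        return len(pattern) > 2 and host[1:] == pattern[1:]
    return host == pattern


def served_cert(sni_name, vhost_certs, default_cert):
    """Simplified SNI model: the cert assigned to that vhost, else the server default."""
    return vhost_certs.get(sni_name.lower(), default_cert)


def check(sni_name, vhost_certs, default_cert):
    """Return (name_matches, served_sans) for a client requesting https://sni_name/."""
    sans = served_cert(sni_name, vhost_certs, default_cert)
    return any(san_matches(sni_name, san) for san in sans), sans


# Constructed SAN lists (assumptions); host names are the ones used on this page.
DEFAULT = ["secret.ipstenu.org"]         # default cert; placeholder name from the reply
PER_DOMAIN = {"ipstenu.org": ["ipstenu.org"],
              "store.halfelf.org": ["store.halfelf.org"]}
WILDCARD = {"halfelf.org": ["*.halfelf.org", "halfelf.org"],
            "store.halfelf.org": ["*.halfelf.org", "halfelf.org"]}

if __name__ == "__main__":
    for label, vhosts in (("per-domain certs", PER_DOMAIN), ("wildcard cert", WILDCARD)):
        for name in ("ipstenu.org", "halfelf.org", "store.halfelf.org"):
            ok, sans = check(name, vhosts, DEFAULT)
            print(f"{label:17} {name:18} {'ok' if ok else 'MISMATCH'} {sans}")
```

A domain with no certificate assigned falls through to the default cert and fails the name check, which is the symptom reported above; assigning the right cert to the add-on domain makes the check pass.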
