Back to Community
Home / Community / CoreNetworking wordpress

Troubleshooting Common WordPress Multisite SSL and Domain Mapping Issues

26 threads Sep 7, 2025 CoreNetworking wordpress

Content

Configuring a WordPress Multisite network with proper SSL certificates and domain mapping is a common source of frustration. Users frequently encounter errors where the protocol (HTTPS) is stripped from URLs, subsites show security warnings, or fail to load entirely with errors like "DNS_PROBE_FINISHED_NXDOMAIN" or "ERR_HTTP2_PROTOCOL_ERROR". This guide breaks down why these problems occur and provides the most effective solutions based on community reports.

Why Do These Multisite SSL and Domain Issues Happen?

These problems are almost never caused by a bug in WordPress core itself. Instead, they arise from a complex interplay between three separate systems that must be configured correctly to work together:

  1. WordPress Multisite Configuration: The settings in your wp-config.php and .htaccess files.
  2. Server/Hosting Environment: How your web server (e.g., Apache, Nginx, OpenLiteSpeed) handles requests and SSL certificates.
  3. DNS and Network-Level Setup: How your domains and subdomains are pointed to your server via DNS records.

A misconfiguration in any one of these areas will cause the entire setup to fail. Common triggers include updating PHP, changing server settings, or adding new domains without updating all corresponding configurations.

Most Common Solutions and Troubleshooting Steps

1. Verify Your SSL Certificate Coverage

The Problem: The padlock is broken on a subsite, or browsers show a "certificate does not match domain" error.

The Cause: Your main site's SSL certificate does not cover the subsite's domain or subdomain. A standard single-domain certificate for maindomain.com will not validate for subdomain.maindomain.com or a mapped domain like otherdomain.com.

The Solution: You must use a certificate that includes all necessary domains. There are two primary ways to do this:

  • Wildcard Certificate: A certificate for *.yourdomain.com will cover all subdomains of yourdomain.com (e.g., sub1.yourdomain.com, sub2.yourdomain.com). It will not cover externally mapped domains like otherdomain.com.
  • SAN (Subject Alternative Name) Certificate: This is a multi-domain certificate that can list any combination of domains and subdomains in its SAN field (e.g., maindomain.com, www.maindomain.com, otherdomain.com, sub.maindomain.com). This is often the required solution for networks using domain mapping.

You must work with your hosting provider to obtain and install the correct certificate. Let's Encrypt supports issuing both types of certificates for free.

2. Fix DNS and Subdomain Configuration

The Problem: New subsites return errors like "This site can’t be reached," "DNS_PROBE_FINISHED_NXDOMAIN," or the site appears to be not found.

The Cause: Creating a site in the WordPress Network Admin does not automatically create the necessary DNS record or server configuration for that subdomain. The domain must resolve to your server's IP address.

The Solution:

  • For Subdomains: You must create a DNS record for each subdomain. An A record pointing the subdomain (e.g., staff.yoursite.com) to your server's IP address is the most direct method. Alternatively, a CNAME record pointing the subdomain to your main domain (e.g., staff.yoursite.com CNAME yoursite.com) can also work and may be easier to manage.
  • For Mapped Domains: The external domain (e.g., otherdomain.com) must have an A record pointing to your main WordPress server's IP address.
  • Server-Side: On some hosts (especially those using cPanel), you may also need to manually add the subdomain or parked domain in your hosting control panel so the server knows how to handle incoming requests for that address.

3. Check for HTTPS Stripping and Database Connection Errors

The Problem: The Site Address URL in the network admin saves as ://mydomain.com/ (missing the https), or visiting a subsite results in an "Error establishing a database connection."

The Cause: This can often be traced to an incomplete or incorrect wp-config.php setup for SSL across the network, or a server-level redirect that is interfering.

The Solution: Ensure your wp-config.php file includes the following lines to force SSL on the network admin and all sites:

define('FORCE_SSL_ADMIN', true);
// For situations where WordPress is behind a proxy/load balancer (like Cloudflare):
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') {
    $_SERVER['HTTPS'] = 'on';
}

If you are using a reverse proxy like Cloudflare, you must also ensure your SSL/TLS setting is set to "Full (strict)" mode and that your origin server has a valid certificate installed. Forcing HTTPS via a plugin can sometimes conflict with server-level rules, so it's often better to handle redirects in your .htaccess file or server configuration.

4. Flush Rewrite Rules and Permalinks

The Problem: A new subsite is created but results in a 404 error or a "critical error" when accessed.

The Solution: WordPress may not automatically flush its rewrite rules after creating a new site. Log into the affected subsite's dashboard, navigate to Settings > Permalinks, and simply click "Save Changes" without making any modifications. This forces WordPress to regenerate its rewrite rules, which can resolve many 404 issues.

When to Contact Your Hosting Provider

As evidenced in the sample threads, many Multisite SSL and domain issues require server-level support. You should contact your hosting provider for help if:

  • You need to install a wildcard or SAN certificate.
  • You are unsure how to create the correct DNS records (A, CNAME).
  • You are receiving Apache/Nginx/LiteSpeed errors in your server logs that you don't understand.
  • You have confirmed your DNS is correct but the subdomain still isn't routing to your WordPress installation.

Configuring WordPress Multisite is an advanced task that hinges on correct server setup. By methodically checking your certificate coverage, DNS records, and server configuration, you can resolve these common but frustrating issues.

Related Support Threads Support