Title: All sites are forced HTTPS despite wrong certificate Last modified: August 22, 2016 --- # All sites are forced HTTPS despite wrong certificate * Resolved [dienub](https://wordpress.org/support/users/dienub/) * (@dienub) * [11 years, 9 months ago](https://wordpress.org/support/topic/all-sites-are-forced-https-despite-wrong-certificate/) * I just updated to WordPress 4.0 (+ multisite) while I was playing with SSL certificates for one of my domains. * Unfortunately, the certificate is not a wildcard certificate and yet it applied to all of my multisite domains. * All of my admin pages are redirected to their “[https://”](https://”); counterpart, all included css files, images, etc, are rewritten as “[https://”](https://”); when i view source on a very broken-looking WP-MU site. * I’m using nginx and there are no redirects in my vhost conf (i know because I didn’t add any). I’ve tried reversing all of my SSL configurations but wordpress insists that all links must be https! * How do I stop this behaviour? Viewing 5 replies - 1 through 5 (of 5 total) * Moderator [Ipstenu (Mika Epstein)](https://wordpress.org/support/users/ipstenu/) * (@ipstenu) * 🏳️‍🌈 Advisor and Activist * [11 years, 9 months ago](https://wordpress.org/support/topic/all-sites-are-forced-https-despite-wrong-certificate/#post-5256934) * Did you edit your wp-config.php to have an use SSL admin define? * Thread Starter [dienub](https://wordpress.org/support/users/dienub/) * (@dienub) * [11 years, 9 months ago](https://wordpress.org/support/topic/all-sites-are-forced-https-despite-wrong-certificate/#post-5257010) * Before everything switched over to https, I had not edited wp-config.php. Afterwards, some googling suggested that adding the following options, could help: * define(‘force_SSL’, false); define(‘FORCE_SSL_ADMIN’, false); * It did not help, and all my sites (and admin pages) are forced HTTPS. * I’ve also tried checking in a different browser to see if it’s my cache that does this, but the problem persists. * Thread Starter [dienub](https://wordpress.org/support/users/dienub/) * (@dienub) * [11 years, 9 months ago](https://wordpress.org/support/topic/all-sites-are-forced-https-despite-wrong-certificate/#post-5257012) * I’ve checked the wp_options table for clues and it seems SSL isn’t forced there either: * ``` mysql> select * from wp_options where option_name like '%ssl%'; +-----------+--------------------+--------------+----------+ | option_id | option_name | option_value | autoload | +-----------+--------------------+--------------+----------+ | 307 | ssl_host | | yes | | 308 | ssl_port | | yes | | 311 | ssl_host_diff | 0 | yes | | 312 | ssl_host_subdomain | 0 | yes | | 315 | ssl_admin | 0 | yes | | 316 | ssl_proxy | 0 | yes | | 320 | ssl_host_mapping | a:0:{} | yes | +-----------+--------------------+--------------+----------+ 7 rows in set (0.00 sec) ``` * Thread Starter [dienub](https://wordpress.org/support/users/dienub/) * (@dienub) * [11 years, 9 months ago](https://wordpress.org/support/topic/all-sites-are-forced-https-despite-wrong-certificate/#post-5257014) * OK, time for full disclosure: I am an idiot. * After messing around with the is_ssl function in wp-includes/functions.php and forcing is_ssl to be false no matter what, I happily concluded that finally everything went back to it’s normal non-ssl former self. * Looking at the logic of the function, I concluded that it would only use SSL if the server told it that the connection was SSL. So I checked over some of the changes I had made last night (tired and sick) and noticed that my global PHP fastcgi config had the following line: * `fastcgi_param HTTPS on;` * Everything’s back to normal now. Thanks! * [BitsNStuff](https://wordpress.org/support/users/bitsnstuff/) * (@bitsnstuff) * [11 years, 9 months ago](https://wordpress.org/support/topic/all-sites-are-forced-https-despite-wrong-certificate/#post-5257240) * I just ran into this problem and spent many hours (over several days) trying to find out what had caused it. It started after I had done several updates at once, a bunch of themes, plugins, and wordpress update from version 3.9.2 to 4.0 .. I was doing this on my staging environment (Virtualbox) .. I run nginx, MySQL, wordpress, etc. * Suddenly I couldn’t load the root page, and I went into a redirect loop, going back and forth between my port 443 server and port 80 server. Going from port 443 to 80 was my own design, but going from port 80 back to 443 was a mystery. None of my settings explained why this was happening. I was being forced to use https. * I tried several things, removing plugins, themes, and wordpress itself. I finally narrowed it down to wordpress being the culprit. I downloaded version 3.9.2 and copied files manually back into the staging environment, and sure enough that fixed the problem. Something about the update from 3.9.2 to 4.0 was causing forced https. There are too many files for me to look through, so I just wanted to leave this here in the hopes it will get to concerned parties. Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘All sites are forced HTTPS despite wrong certificate’ is closed to new replies. ## Tags * [HTTPS](https://wordpress.org/support/topic-tag/https/) * [multisite](https://wordpress.org/support/topic-tag/multisite/) * [SSL](https://wordpress.org/support/topic-tag/ssl/) * In: [Networking WordPress](https://wordpress.org/support/forum/multisite/) * 5 replies * 3 participants * Last reply from: [BitsNStuff](https://wordpress.org/support/users/bitsnstuff/) * Last activity: [11 years, 9 months ago](https://wordpress.org/support/topic/all-sites-are-forced-https-despite-wrong-certificate/#post-5257240) * Status: resolved ## Topics ### Topics with no replies ### Non-support topics ### Resolved topics ### Unresolved topics ### All topics