CloudFlare and free Flexible SSL on WP Engine
For the past three months, I’ve tried my best not to have a mini meltdown over the fact that a number of my domains in a WordPress multisite network using Cloudflare’s free Universal SSL would not serve up a green padlock over HTTPS. When I first heard Cloudflare was offering free Universal SSL, I was very excited to take advantage of it. For some reason, it just wouldn’t work and for months, I couldn’t figure out why.
Now that Google is using HTTPS as a (minor) ranking signal, I want to make sure all my domains are using SSL. But even after enabling Universal SSL on Cloudflare for each domain, the ones using the new service were void of the green padlock that tells the world each domain in my little network could be trusted. After struggling with it a bit to no avail, I thought I’d better buy a three site SSL certificate from my preferred domain name seller, Namecheap.com, for three of my most important domains. A temporary fix for 3 domains in an 11 domain multisite network.
After WP Engine installed the Comodo certificate for me, all three sites were instantly padlocked. Since the others were not as much of a priority, I continued to ignore no green padlocks on them, but it just kept on nagging at me that they weren’t locked.
It’s in my nature to incessantly focus on problems until resolved. While others might not care as much as I do or they pass the buck to someone else, I always go to the end of the earth (despite my better judgment) to figure it out myself. I don’t know why I’m like this. It’s a blessing in some ways, because I actually get things done–no matter what. It’s a curse in others, because I do it all myself and am so focused that it can take hours and hours of painstaking work to figure out the solution. In that, I’ve let the world go by while I’m trying to solve a problem I should pay someone to solve for me. But, then I’d have to give them all the passwords and account access to both my network install, Cloudflare, and WP Engine. Without a clear path to resolution, who knows how many hours someone could take to figure it out. And, who knows if you’re even talking to the right person who can figure it out.
Night after night, I would go back through my Cloudflare install and make sure all domains were set to Flexible SSL. Then I’d dump my cache at Cloudflare and in my WordPress WP Engine network admin. I tried various plugins to see if the URLs would not redirect and cause a loop. Nothing worked.
I made sure to get the Cloudflare plugin to connect my multisite network to the service, but I was getting some errors and I needed to research how to make sure the Cloudflare plugin connected via their API to my account. I turned off my Cloudflare service for all the domains that had no green padlocks. Of course, the API wouldn’t connect if they were off. I turned them all back on and made sure they were all set to Flexible SSL again. Once I solved that, I thought: “Great! Problem solved. My padlocks should be green!”
Nope, that didn’t happen.
After some lengthy discussions with WP Engine support on this matter, I learned I was getting a lot of mixed content and insecure content warnings on some of my domains in the network. Why? Because somehow my URLs had gotten rewritten either in the original migration from Linode to WP Engine or by some process or plugin. I’ll never know how that happened. Two of my sites were missing all of their content and their URLs were rewritten incorrectly for posts and pages in the database as “netmix-co.netmix.co” instead of “primarydomain.com/sitename.”
Tasked with figuring out the underlying problem, I went in and performed search and replace surgery on all my domains using phpMyAdmin. I was able to go into my posts and post meta tables for each site in the network and find the incorrect rewritten paths. I simply replaced the incorrect ones with the correct domain names of each site in the network. That solved a ton of insecure content warnings and brought back all my missing content while also fixing redirection issues.
Having done all this, I was pretty confident I’d see the green padlocks, but when I checked whynopadlock.com, all the sites with Cloudflare Flexible SSL turned on were hard redirecting to http. I thought, “geez, now how do I solve this?”
Earlier that week, WP Engine had helped write some html post processing logic that is set in my multi-site’s WP Engine admin area. Could that be the culprit? I removed those rules to see if anything changed.
Nope, that didn’t work either.
In the middle of all of this, let’s throw in the fact that WP Engine had to move my web services to another IP address last week after their provider was hit with a DDoS attack. I was tasked with updating all 11 sites’ A records in the network. I did and learned that one of my sites had no DNS records at all (Oy!), but was still resolving. Go figure.
I went back to WP Engine again to explain my dilemma again. Fortunately, I got in at 3 minutes to 9 pm Eastern time, just minutes before chat support closed up for the night. I gave one of WP Engine’s techs, Brian F., all the earlier detail. His head must have been spinning. But, he finally figured out that they had to manually force https on their end to enable the green padlock on all sites in my network.
Finally, it was over. After months of starts and stops and weeks of going back to it, getting distracted by family stuff and client work, I was able to sit down and go through everything once and for all. Problem solved.
While all the abovementioned things I did were important, Cloudflare did tell me in one response they were seeing WP Engine had the ability to do something on their end to fix this, but they didn’t say exactly what that was. With Universal SSL, WP Engine does not have to install a certificate. It’s a one-way call to WP Engine who do not have to confirm the request with an installed cert. What they didn’t say was that WP Engine has to manually force HTTPS. It wasn’t until Brian F. figured this out that the curse was finally over.
I did not use a Force HTTPS plugin, because I think WP Engine disallows a few of them. I don’t know that they would have worked anyway. I was happy to have WP Engine manually write that rule for this instance and in the future. At any rate, the problem is resolved. On to the next issue.
I hope this helps someone not have to go through weeks of pain like I did to finally figure out that all WP Engine had to do was force HTTPS manually. That’s it. Problem solved.
Fixing Insecure Content
For the past few weeks, I’ve been suffering from what is called “insecure” or “mixed content” issues on my WordPress multisite network, which I’m hosting over at WP Engine. The goal has been to use the new free Flexible SSL from CloudFlare on a number of sites in my multisite, but leaving three of those sites as Full, as designated in CloudFlare, because I purchased a 3-domain certificate from Comodo, through my domain name registrar, NameCheap.
While I’ve done all of this…I’m still not seeing my free, Flexible SSL locks on the sites in the network that are SSL enabled at CloudFlare. I’m not sure if it’s going to take 24 hours to possibly resolve all those mixed content errors, which will finally unshackle me from a plain grey file looking icon up there in the URL bar of some sites in my network (not this one, as this one has a paid cert from Comodo).
What I’m working on
Last night I clocked out at 1 am after working on a WordPress DNS setup for Comfort Theory, trying to figure out why my Flexible SSL locks from CloudFlare aren’t fully green on my WordPress multisite network, and figuring out how to get a custom URL for another client, Youth Mission Co here in Asheville.
Today was quite busy too. Between caring for Hudson, our 13-month-old, all morning while my wife continues to work on her health, fitting in the configuration of Modern Tribe’s Event Calendar ticketing system with WooCommerce checkout and PayPal IPN for CQResults.com, as well as having a late afternoon dinner with wife and son, the day is still not over.
I just launched a new coupon campaign for All In One SEO Pack Pro and cleared some social media posts tonight in Sprout Social and I still haven’t figured out my issue with my multisite. I have yet to run by another client’s restaurant, East Village Grille, to show him his new restaurant menu system I implemented using OpenMenu.com.
Ah ha! I just now finished the battle with YouTube on merging two channels. Learning something new every day! Verification was a little difficult as well, but enduring leads to success! Just gotta work the issues.
I’ll probably be in bed tonight again at 1 am.
Getting back to the basics
Now that WordPress has released its new desktop app for Mac, it incentivizes lazy bloggers like myself to keep the app open and do what we’re supposed to be doing – blogging.
The desktop app is pretty sweet and much faster than logging into your WordPress admin. Since it’s always there at the ready and you can switch sites easily (as long as you’ve connected all your self-hosted sites using WordPress.com username and password connected through JetPack), this new app for both Mac, which is what I’m using, and PC should increase your blogging output.
It’s a New Year and with this great new tool from WordPress, I should be able to churn out my thoughts on my blog, before I publish to a Facebook feed or a Twitter status update.
I’m going to try and be more diligent about using the new WordPress desktop app to increase my blogging output, for sure.
MetroTV Reel from 2000 to 2002
15 years after my stint as Senior Producer at MetroTV in New York City, I’ve finally uploaded and posted my old reel, which features Rachel Perry, a popular TV host who started her early career at MetroTV and went on to work for many major entertainment networks. In this video, you’ll see an interview with Meres, the curator of 5ptz, a graffiti art space in Long Island City, Queens. Rachel also hosts The New York Music Rundown from the original Halcyon space on Smith Street in Brooklyn. There are also interviews with Nas, Brian McKnight, and the Roots and appearances by Groove Armada, Paul Van Dyk, Boy George, and Deep Dish. My good friend, DJ Madsol Desar was on the wheels, as well.
I really enjoyed my early stint producing television programming and probably should have stuck with it. After my layoff from MetroTV due to reduction in staff at Cablevision after 9/11, it was difficult to find a job in New York City. I ended up focusing on streaming media and worked for two big banks and MLB Advanced Media, before landing a gig developing a contextual commerce music platform for StarStyle.
This video is really a throwback and reminds me of one of the best jobs I ever had in New York City. I enjoyed using my music connections to book artists on The Daily Beat or feature my friends, like DJ Madsol Desar, on one of the shows. The New York Music Rundown ended up winning a Communicator Award for Best New Cable Product.
Let me know what you think of this video by leaving a comment below.
Asheville House Music Society Radio Show on AshevilleFM.org
On February 8, the new Asheville House Music Society Radio show launched on Asheville, NC community radio station, AshevilleFM.org. The show airs at Midnight each Saturday and into Sunday morning until 2 am. Listen live on 103.3 LP-FM on the radio dial or tune-in live on AshevilleFM.org or via the TuneIn app for iOS and Android devices.
SNL video featuring Kevin Hart about gentrification of Bushwick, Brooklyn
Loved this video with SNL guest and comedian, Kevin Hart, mocking the gentrification of Bushwick, Brooklyn.
- “Said the garlic truffle was a must try.”
- “Did they have any cheeses. What else are you gonna pair wine with…air?”
- “Word, acting like somebody put gluten in your muffin or something.”
This is absolutely hilarious!
My Christmas story 2014 about a boy named Hudson
On this Christmas Day 2014, I am a father at 48 years of age.
My wife and I started trying to have kids in 2007, but we were unsuccessful. We kept at it, even trying the science route of fertility treatments for a while. The toxins in the treatments hit Missy hard. She has a hard time dealing with toxins in medication as a result of a condition related to a prior mold exposure. We decided it was time to look into adoption and sought out an agency in Raleigh, NC to help us start our search.
Since we began our search, we’ve moved a few times. In the world of adoption, with every move comes the necessity of a new home study and updated criminal background checks–county, state, and federal. The adoption process is extremely thorough and meant to weed out couples that may have colorful pasts.
After spending two months in Ecuador over the winter, we settled into our new apartment in Asheville, NC. We thought it was important to start marketing ourselves locally, so we printed out postcard size flyers and tacked them up in coffee shops and cafés around the city. We also re-engaged on the web, updating our Facebook Open Adoption page, our MissyandTony.com website, and our agency adoption page. Those efforts paid off when we were discovered by a local adoption attorney here in Asheville, Christopher Craig (of Craig Associates). Fortuitously, Chris connected with a local birth mother who was almost to term at 8-months at an adoption workshop held at the Pack Library in the city center.
Chris set up a meeting with the birth mom and she selected us! It was then 3 short weeks attending ultrasounds and quickly getting to know her and her own parents, who were super supportive of her on this journey. On December 7 at 2:42 am, Missy was with the birth mother in the delivery room and witnessed the birth of our son. Just like that, we became parents almost overnight.
It was definitely not as simple as it sounds. There were some legal hurdles we needed to clear up between birth mom and a prior relationship, as well as an issue the hospital’s risk management department wanted us to resolve. The week of the 7th was a busy time getting those details taken care of from our tiny overnight room in the NICU at Mission Hospital, also here in Asheville. Little Hudson David Antonio Zeoli needed just a bit of extra care, because he wasn’t feeling well after the delivery. It was nothing serious. The hospital was just being cautious. That day, our lives changed forever.
It’s an odd feeling going through the adoption process. I think adoption, while common, is not necessarily top of mind for most people who can conceive. It’s a different kind of waiting. When you’re in a search for an adoptive child, it can get monotonous and it can become a seemingly never-ending journey. There’s all the calls with the agency for guidance, education, and support. Then there’s the marketing of yourselves and your story to prospective birth moms. Of course, there’s the hours of filling out paperwork and more paperwork to go through the red tape that is there for the child’s safety, but sometimes seems so redundant. Lastly, there’s the waiting for something…anything to happen. It’s hit or miss. You might connect with a birth mother who isn’t ready. Or, in some cases, you are contacted by people trying to sell babies illegally and women who aren’t pregnant with mental health issues that can’t control their behavior. You have to be able to read between the lines. If you’ve never gone through the adoption process, it is a challenge to recognize when something is real or when it’s not.
I never, ever would have thought I would be here adopting a child at this point in my life. But somehow, this is where I am. I’m doing something I never, ever thought I’d do. I’m not going to say that I was 100% on board with adoption in the first place. I wasn’t totally sold on the idea, but I went along with it, because it was important to Missy and we really did need to start our family. I’d been building a business and knew how important it was to stay engaged in and relevant in my field. Looking for a child seemed like a distant possibility. Really? Someone is going to give us their child? Just like that? OK.
It’s like waiting for that trip to Disney World your parents had promised you after they’d postponed it a few years in a row. Sure, Disney World seemed like a great place, but with each passing year it felt so far away–like it was never going to happen. And to get there, you couldn’t go on your own. You needed someone to help you. As the waiting game commenced, there were times it just seemed like the Disney trip might never come. You began to treat waiting like it was something you wanted to look forward to, but without firm plans, you shift it back of mind, hoping for the day, but never fully investing in the idea.
Fortunately, we finally made it to the proverbial Disney World! Like all adoptions, it took some time. Weeks into months and months into years. But, now we are adoptive parents to this little amazing young man who we call, Hudson.
He’s here. After all the waiting and wishing, Missy and I finally get to realize what comes a little easier to so many people I’ve known over the years who were able to have kids. Many of my friends have kids graduating from college or in the workforce. Time went by. Not so fast, but just as fast as time goes by. Tick-tock, tick-tock, and the calendar flips to the next day after the last. Another year goes by and you wonder, “where did the time go?” You can’t really grasp what you’re not experiencing, because it’s hard to know what parenting is like unless you’re a parent.
BOOM! Now, we’re parents. Whoa! The whole world just stopped on a dime when someone said, “here you go…here’s your son.” We’ve arrived and are embracing this little man with all the love we have to give. With our hearts, minds, and spirit. We know that every day he’s with us is a gift of immeasurable proportions. For this gift, we are incredibly grateful. It seems so surreal. We know adoptions happen every day, but when they happen to you, it’s an experience one cannot really explain. Someone has made a plan for you to adopt their child and you begin a new journey without that same 9 months others have to plan. I’m now on my first ride at Disney World aka the “Interstellar Galactic World of the Marvelous (and Gassy) Hudson David Antonio Zeoli.” It’s just as fun now as it was back then.
I don’t much believe in Christmas miracles. I’m a pragmatist. I know Christmas is a man-made holiday that has become the most commercial holiday of them all. We make up these things to make sense of the world and create days to stop and celebrate for celebration’s sake. I know we had done the work to put ourselves in a place where we would be found, and we were. Yes, lightning does strike and people say magic does happen. I’m going to say that the universe felt the energy from our hearts and found a way for all that love to bring Hudson to us. The spirit of many warm and kind people looking out for us – all aligned for the same common purpose – to give Hudson an opportunity he might not have otherwise had out of the gate, most likely contributed to our celebration today.
On this Christmas Day, I am so grateful for my wife and so grateful for my son. I now have a family to call my own. Something many men aspire to have, because it’s innate in all of us to procreate, sustain and propel human existence. While it did not happen naturally, it happened the way it was meant to. We were given the gift of caring for a child who did not come from us, but is now with us forever. He is us and we are him, brought together as one family unit through the love, support, and recognition of others.
While I have faith there is a higher power, I find that power one of energy connecting everyone’s worlds. If that is God in some people’s minds, then God is the one to thank for providing the energy and connective tissue to bring this story to a wonderful close.
Thank you for reading. Good night and Merry Christmas.
Follow up to my Tim Cook post
Here’s a follow-up Facebook comment I made to my Tim Cook post in October.
Today I made a comment about my wonderful gay friends, which was inspired by Tim Cook’s coming out post. While many in Cook’s circles knew that he is openly gay, it seems as if it was important to let America know. I just want to make sure that no one misunderstands me and thinks my post is directed at them and their views. I mention “gay marriage,” simply because it’s now overturned in North Carolina and Tim Cook’s recent post.
However, just as much as I support the right for gay (LGBT) people to marry, I also wholeheartedly support the right for anyone who disagrees with gay (LGBT) marriage to have their position and their opinion, as long as it is not Federal Law. If your religious beliefs dictate to you that marriage is between a man and a woman, then you have every right to that belief. I cannot say that my belief is any different than yours. We agree to believe different views, and that’s okay.
While we may disagree on the precept that “gay marriage” is legal and that gays (LGBT) have the right to marry, we will do so as friends who understand that not everyone agrees on everything. I can have my beliefs and you can have yours. I welcome the opportunity to discuss those beliefs and tell you why I feel the way I do, just as much as I would expect you to tell me why you believe marriage should be between a man and a woman.
We are all on this planet together. Not everyone is going to agree. But we can work together to understand why we believe the things we do and peacefully coexist, because as brothers and sisters on this planet, when push comes to shove, we need each other’s help regardless of who is married and who is not. Who is this religion or that religion. Or, who is this color or that color.
When put in a room together like those kidnapped by ISIS in Syria, it all becomes meaningless. The only thing that then matters is cooperation and survival.