
[Resolved] MODULE MANAGER interferes with SSL CERT and causes other severe problems

This support ticket was created 6 years, 11 months ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

This topic contains 8 replies, has 2 voices.

Last updated by Christian Cox 6 years, 11 months ago.

Assisted by: Christian Cox.

#517086

This turned out to be another SEVERE TOOLSET BUG which needs a very URGENT fix! It is about Toolset MODULE Manager, which:

1) causes MIXED CONTENT across the entire web portal (apart from the main domain we also have 31(!) active subdomains in place, hosted on a dedicated server, incl. professional premium FIREWALL and certified *.wildcard SSL CERT).

This mixed content error is strictly the result of this particular MODULE MANAGER plugin's coding!

2) breaks post and page LINKS

3) BREAKS IMAGES and interferes with displaying images properly

4) Interferes with DNS/CLOUD PROXY Firewall

5) breaks SSL entirely by marking a proper WordPress setup INSECURE

6) slows down server performance drastically

7) several minor issues ...

When this was discovered, several teams tried a workaround for the mixed content caused by the MODULE MANAGER coding (the image link is hardcoded in the plugin files), overriding it by adding the following line to the site's .htaccess file:

Header set Strict-Transport-Security "max-age=31536000" env=HTTPS

BUT this is impossible too.

The mixed content error does not only appear and impact our web portal at the backend, it also alters functionality (as listed above), so our customers and users are confronted with that issue as well.

Originally this SEVERE problem was discovered by the WPMU DEV Team (and it is confirmed by FIVE independent server specialists, such as server provider 1&1, two PLESK Teams, one based in the USA and the other in EUROPE, the SUCURI Firewall provider, and, as already mentioned, the WPMU DEV Team).

Please provide an immediate solution by rewriting the code of MODULE MANAGER!

Regards
Beate
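Added example (not part of the original post, and not Toolset's or anyone else's code from this thread): one way to locate the kind of hardcoded http:// resource link described above is to scan the HTML a page serves over HTTPS for subresources that would still be fetched over plain HTTP. The host example.test, the plugin path and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a subresource.
# <a href> is deliberately absent: following a link is navigation, not mixed content.
SUBRESOURCE_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",), "embed": ("src",),
    "audio": ("src",), "video": ("src", "poster"), "source": ("src",),
    "object": ("data",), "link": ("href",),
}
# <link> only triggers a fetch for these rel values (rel="canonical" etc. do not).
FETCHING_RELS = {"stylesheet", "icon", "preload", "modulepreload", "manifest"}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, attribute, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link":
            rels = set((attrs.get("rel") or "").lower().split())
            if not rels & FETCHING_RELS:
                return
        for attr in SUBRESOURCE_ATTRS.get(tag, ()):
            value = attrs.get(attr)
            if not value:
                continue
            # Resolve relative and protocol-relative URLs against the page URL.
            absolute = urljoin(self.page_url, value.strip())
            if urlsplit(absolute).scheme == "http":
                self.findings.append((self.getpos()[0], tag, attr, absolute))

def find_mixed_content(page_url, html):
    """Return http:// subresources referenced by a page served over https://."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on HTTPS pages
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page, not taken from the site discussed in this ticket.
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
<script src="//cdn.example.test/app.js"></script>
</head><body>
<a href="http://example.test/about/">About</a>
<img src="http://example.test/wp-content/plugins/example-plugin/logo.png">
<img src="https://example.test/uploads/photo.jpg">
</body></html>"""
```

Each finding gives the line in the served HTML, which can then be matched against the theme or plugin file that emitted it.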

#517120

Hi, I'll pass this information along to our developers. Can you please answer these questions so I can give them specific information about the problems you are experiencing?

1) causes MIXED CONTENT across the entire web portal
2) breaks post and page LINKS
3) BREAKS IMAGES and interferes with displaying images properly

Are these problems currently visible on your site? If so, what URL can I visit to see this error occurring? If not, can you provide details of a specific case for each of these issues so I can help investigate?


4) Interferes with DNS/CLOUD PROXY Firewall
5) breaks SSL entirely by marking a proper WordPress setup INSECURE
6) slows down server performance drastically
7) several minor issues ...

Is the Mixed Content error resolved if you use Toolset Module Manager to export / import modules, then deactivate the Toolset Module Manager plugin?

Originally this SEVERE problem was discovered by the WPMU DEV Team...and it is confirmed by FIVE independent server specialists
May I have any documentation you have received from other developers or server technicians about the cause of this problem so I can pass it along to our developers for the most accurate resolution? If you would like to upload that information to Drive or Dropbox and provide a link, I can download it and attach to my report.

#517576

Hi Christian,

As requested, attached is a .pdf document with further details.

Please mark this ticket as a CRITICAL BUSINESS ISSUE which needs the highest attention and a short response time.

Thank you.
Beate

#517584

I'm sorry, I did not receive an attachment. The best way to provide documentation to me is to upload it to a file sharing service and paste a link here for me to download. I can enable a private reply area so the link remains confidential. Please provide a download link here.

#517609

Hi, I received your information and I understand completely about FTP access. No need to fill this information in.

The link you sent is to the Google Drive app instead of an individual file or folder - was that intentional? If so, I need a username and password for the Google account, and I need to know the location of the documents you would like to share. I only received a password in your previous message. I'd rather not be given access to your entire Google account for security reasons; I'd prefer to get a direct download link for a file or files.

If I misunderstood how you want me to download the file, please let me know.

#517943

Thank you, I have received the document and am reviewing it now.

For an immediate solution to get your site back online, please deactivate Toolset Module Manager, delete the plugin folder from your server, and clear your cache. Then test that the 503 errors at courses.b...org and academy.b...org are resolved and the sites are back online. If the code in Module Manager itself is causing this problem, the situation should be resolved. Please confirm that your 503 errors are resolved by deactivating and deleting the plugin.

#518050

Hello Christian,

Thanks for the workaround for the 503 error. We did as suggested, tested intensively and did not run into trouble with a 503. However, that does not solve the real culprit, 'mixed content' caused by Toolset, with the result that Toolset does not accept a verified SSL Cert installed and managed via the Firewall.

As you know, mixed content on a website affects the server performance drastically!

Also, when we discovered that issue we tried a temporary fix with a HEADER workaround in the .htaccess file of 'Strict-Transport-Security "max-age=31536000" env=HTTPS' ... such action is blocked by TOOLSET.

Current STATUS: none of our experts can fix it; it must be done by the Toolset Team, shortly.

Our botbocom.org web portal is protected by the highest and strict Firewall plus SSL provided and maintained by SUCURI's Expert. That server and website protection does not accept MIXED Content.

Please provide a solution shortly. To be honest, since 11th April (when first confronted with it) we have lost heaps of members, invested an incredible amount of money for each involved Team... and our business is harmed not only time-wise.

All our investment is benefiting Toolset, at least in that way, that we could provide to you guys clear and confirmed information about what/how/troubles being confronted with mixed content, also not using that HEADER work around at .htaccess level.

We do hope, you see the disaster in which we are right now and truly believe, you guys act very fast.

Thanks, Beate

#518069

However, that does not solve the real culprit 'mixed content' caused by Toolset
Do I understand correctly: After Toolset Module Manager is deactivated, you are still experiencing Mixed Content errors? I still see 503 at courses.b...org

We will investigate as soon as possible. Please confirm you have updated all your Toolset plugins to the latest versions, and that this does not resolve the 503 errors and mixed content errors.

If your problems are not resolved by updating to all the latest versions, I would like to request a clone of your website so we can investigate further. Our own forum website uses Toolset Module Manager over SSL without any problems, so replicating your current setup will be important for investigation. The Duplicator plugin can be used to create a clone:
https://wordpress.org/plugins/duplicator/

We can recreate your multisite installation locally and continue to test. I will enable a private reply area here so you can post a link where I can download the clone of your site, as well as login credentials for a user that was created BEFORE the clone was made. Feel free to delete this user after the clone is made, to secure your live site.

#518774

Hi, I very much want to help solve this problem and make sure others do not encounter the same issue. Would you be willing to describe the solution your development team found so I can present it to our developers?

This ticket is now closed. If you're a WPML client and need related help, please open a new support ticket.