Support #22325
closedMapped domain to be cleared: carouselsofnyc.com
0%
Description
Please see carouselsofnyc.com for being cleared in Wordpress for mapping. User has updated DNS and Reclaim has issued a certificate. Neither I nor the user right now can access the site, so I'm not sure if this final Wordpress step mentioned on the call earlier is the culprit. Otherwise, I can go back to them and see if it's a DNS issue or something with their site privacy settings.
Files
Updated by Boone Gorges 14 days ago
In order to map the domain, I need to know (a) the domain (in this case, carouselsofnyc.com) and also (b) the Commons site to which it should be mapped (either the numeric ID or the subdomain)
Updated by Colin McDonald 14 days ago
Shoot, that makes sense about b), sorry. Here is the URL:
Updated by Boone Gorges 14 days ago
Thanks, Colin.
It doesn't look like DNS is set up correctly:
$ dig carouselsofnyc.com ; <<>> DiG 9.20.5 <<>> carouselsofnyc.com ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41713 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;carouselsofnyc.com. IN A ;; ANSWER SECTION: carouselsofnyc.com. 1799 IN A 192.64.119.94 ;; Query time: 316 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP) ;; WHEN: Fri Mar 14 17:56:53 CDT 2025 ;; MSG SIZE rcvd: 63
The owner needs to set up an appropriate CNAME or A record as per https://help.commons.gc.cuny.edu/domain-mapping-commons/
Updated by Colin McDonald 14 days ago
That is very strange. I wonder if the user has changed something in the past day or so trying to get it to work. I am pretty positive before that it was all pointing correctly (and I don't think Reclaim would have issued a cert as they did if it wasn't). I'll reach out to the user.
Updated by Colin McDonald 14 days ago
Actually, I think that www.carouselsofnyc.com is mapped correctly, and carouselsofnyc.com is not. Is it possible to map to the www for now? And then I can see what is going on with the root. I actually thought they had it as the reverse, and forwarding to the www, but maybe not.
Updated by Boone Gorges 14 days ago
Thanks, Colin. I've mapped www.carouselsofnyc.com in WordPress. It resolves properly to the Commons, but the cert looks broken. Could you follow up with Reclaim?
Updated by Colin McDonald 8 days ago
Hi Boone, Reclaim should have both of these certs ready now, if you can make sure both are cleared on your end. I also had the user remove their forwarding rules which I think were causing issues.
carouselsofnyc.com
www.carouselsofnyc.com
Updated by Boone Gorges 8 days ago
- Status changed from New to Testing Required
- Target version set to Not tracked
I think I've got the configuration working right on my end - please test and let me know what you find.
Updated by Colin McDonald 4 days ago
- File carousels.png carousels.png added
Hello, the user and I are having trouble accessing the site consistently, both logged in (they made me an admin) and logged out. On both, I'm seeing "too many redirects" errors like the attached.
The user had domain forwarding in place before, but I had them out their DNS and use only our mapped-domains CNAME records for the root domain and www. Not sure if it's something on their end or elsewhere. It's odd, because I thought the site was displaying fine at least in public, logged-out view on Friday but they reported this over the weekend.
Updated by Boone Gorges 4 days ago
Hm, I'm not sure what's happening. Is there a reason why both carouselsofnyc.com and www.carouselsofnyc.com both have to be resolveable? Can we reinstate domain forwarding for www at the registrar so that it redirects to the non-www version? Then we only have to have a single mapping at the Commons.
Updated by Colin McDonald 4 days ago
Hi Boone, I can ask the user about reinstating domain forwarding for www, but I wonder about our general steps on this moving forward. This user is pretty tech savvy and willing to alter registrar settings, but in my experience the steps for forwarding vary a lot between registrars and are more difficult with less technical users.
That's why I'd prefer to keep steps for users as clean and easy to explain as possible: "Add these two CNAME records, delete any other A or CNAME records, delete forwarding if it's there, and that's it." But if it's causing issues on our end, I can add www forwarding to the sequence, and we'll figure it out for new users based on their registrar.
Updated by Boone Gorges 4 days ago
Ray, do you know whether perhaps I've set up the domain mapping improperly in WordPress?
If we can't figure it out, maybe the next step is to ask Reclaim what the proper config should be, with domains pointing toward the same WPMS subsite.
Updated by Raymond Hoh 4 days ago
- File 2025-03-24_152341.png 2025-03-24_152341.png added
According to rmccue, you only need to map either the non-www. or the www.: https://github.com/humanmade/Mercator/issues/47#issuecomment-163081297. No need to do both.
I've disabled the www.carouselsofnyc.com domain mapping and left carouselsofnyc.com as active in Mercator. Can try to do the opposite as well if needed.
However once I did this, I'm still seeing certificate issues. See attached screenshot.
"This server couldn't prove that it's carouselsofnyc.com; its security certificate is from district15parproject.org. This may be caused by a misconfiguration or an attacker intercepting your connection."
Maybe it's an issue on Reclaim's end? district15parproject.org is another Commons mapped domain.
Updated by Boone Gorges 4 days ago
Ray, thanks so much for the clarification on www/non-www.
I'm also seeing the certificate error. Firefox gives more details:
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for www.carouselsofnyc.com. The certificate is only valid for the following names: acert.hunter.cuny.edu, cetls.bmcc.cuny.edu, clacls.gc.cuny.edu, crc15.org, district15parproject.org, globalization.gc.cuny.edu, hilarieashton.com, johnbrenkman.com, literarybronx.com, michael-greer.com, newsliteracymatters.com, pcp.gc.cuny.edu, publicslab.gc.cuny.edu, slublog.org, socialpaper.gc.cuny.edu, sruthi.org, taliaschaffer.com, wolex.com
So it does seem like it might be a problem with the way Reclaim has issued the cert. I've just sent their team a message about it.
Updated by Boone Gorges 3 days ago
Reclaim has fixed their config issues and the site is now resolving. Can others confirm?
So I think the two key takeaways here are:
1. As suggested by Colin, it continues to be OK for users to use CNAMEs for both www. and the bare domain when setting up DNS
2. We only need a single mapping for the domain in WP
Updated by Colin McDonald 3 days ago
- File redirect-carousels.mov redirect-carousels.mov added
Just tested this again and I'm not sure we're quite out of the woods, unfortunately. When I'm logged in, see attached for what happens when I try to go to the site from My Sites menus on the Commons:
I basically just get redirected back to my dashboard. This also happens if I type in carouselsofnyc.com directly. If I go here I can access the WP admin:
https://carouselsnyc.commons.gc.cuny.edu/wp-admin/
But I can't go to the public homepage, I just end up back at my dashboard. If I'm not logged in and go to carouselsofnyc.com, I get redirected here, which is odd because I confirmed in the WP admin that the site is set to be visible to all, just search engine indexing discouraged:
Updated by Boone Gorges 3 days ago
- Assignee changed from Boone Gorges to Raymond Hoh
Ray, can you please have a look at this? Seems that Mercator must be failing to find the site or something.
Updated by Colin McDonald 3 days ago
Looking good to me now, thanks! I'll loop in the user to make sure, then we can circle back and codify our steps for handling new mapped domain requests.
Updated by Boone Gorges 3 days ago
- Status changed from Testing Required to Resolved
Closing the loop from Ray's email:
I've reconfigured the carouselsofnyc.com domain in Mercator to use the bare domain instead of the www one and it appears to be resolving now.
Thanks all for your help getting this one figured out.
Updated by Raymond Hoh 2 days ago
Just to correct the loop, in my previous email I made an error. Instead of:
I've reconfigured the carouselsofnyc.com domain in Mercator to use the bare domain instead of the www one and it appears to be resolving now.
I meant to write:
I've reconfigured the carouselsofnyc.com domain in Mercator to use the trailing
www.domain instead of the bare one and it appears to be resolving now.