Talk:Custom domains

From Meta
Jump to: navigation, search

Wording[edit source]

In the second number 4:

"4. Put in the comments field that you have changed added the CNAME record,"

I think the word changed should be removed. I would do it myself, but... (By the way, why is this page full protected?) Wynter (talk) 03:03, 26 September 2015 (UTC)

Fixed it myself. Wynter (talk) 19:14, 26 September 2015 (UTC)

Turkish first line[edit source]

Miraheze sitesinde talebiniz üzerine özel alan adınızı (wiki.yourdomain.org gibi) kullanılabilir hale getirebilirsiniz. İhtiyacınız olan tek şey aşağıdaki adımları takip etmeniz ve vikiniz için bir SSL sertifikası almanızdır (SSL sertifikasız, özel alan adsız - https://www.startssl.com/ ve https://letsencrypt.org/ sitelerinden ücretsiz SSL sertifikası alabilirsiniz):

Error. I could not save. --Hersitede (talk) 19:19, 27 October 2015 (UTC)

Wise disclaimer[edit source]

I haven't got very far yet, but it would be wise to include a disclaimer explaining that D4rkB0t isn't going to support custom domains. D4rkst4r (talk) 21:31, 10 December 2015 (UTC)

I'm not going to make unproductive edits over this...[edit source]

...But please ask for CNAMEs only. D4rkst4r (talk) 01:30, 13 December 2015 (UTC)

If people want to host their DNS with us, they should feel free to.
But DigitalOcean just terminated our third DNS server, so yay. Southparkfan (talk) 21:17, 13 December 2015 (UTC)
There's no reason to and it's only going to make things harder for the user. This is a reason why it's not a good idea. D4rkst4r (talk) 23:59, 16 December 2015 (UTC)

Precise instructions for Let's Encrypt (LE)[edit source]

Now LE is in public beta - anyone can use it - quite likely miraheze users who want to use certificate will use LE.

My issue: and the requested CSR will be emailed to you - the problem is - https://letsencrypt.org/getting-started/ - I have no idea how it relates to LE process...

Potentially miraheze admins can generate the certificate on their own - is that an option at all?

If that's not a feasible option - can you please provide detailed instructions how to use your CSR with LE process?

Thank you

Hi, CSR and LetsEncrypt don't jive from what I know. We will prefer to handle LetsEncrypt certificates our side (and we can generate them our side as the domain we are wanting to encrypt is pointed to our servers, which is seemingly the only requirement by LE) as the expiration dates are fairly awkward as they're 90 days as opposed to industry standard 365. I'll work on writing the LetsEncrypt caveats into the page later today but in short, tell us the domain you want for the wiki, tell us it's LE and then we'll do the rest. The CSR part is only relevant for standard certificate authorities who generate their own private and public key and then share them with users, the CSR just means only Miraheze has the private key which restricts the number of people who are able to decrypt traffic to 3 at most. Thanks John (talk) 10:53, 9 March 2016 (UTC)
So here is what I want to do... I have a domain genesis.re - it is hosted via GitHub Pages. I also use CloudFlare to enable https:// - I'm pointing my DNS to CloudFlare so the traffic appears encrypted (I know it isn't, connection between CloudFlare and GitHub is not). Wiki is hosted on miraheze - https://gen.miraheze.org/wiki/Main_Page - and I'm using very basic redirect so the https://genesis.re/wiki goes directly to wiki. This is the current state. Ideally I would like to have https://wiki.genesis.re that is pointing to miraheze... That would be ideal. Not sure it if it much work, I'm keen to try. Previous instructions were rather unclear - in the rise of Let's Encrypt there is no need to mention StartSSL so my suggestion was to update the docs. --Stefek99 (talk) 16:26, 16 April 2016 (UTC)

Previous instructions were rather unclear - in the rise of Let's Encrypt there is no need to mention StartSSL so my suggestion was to update the docs. - would it be possible to enhance instructions how to use Let's Encrypt? Apologies... It's still not clear how to use it. You can also drop support for StartSSL as Let's Encrypt is much more reasonable choice. Thanks! Stefek99 (talk) 13:46, 29 July 2016 (UTC)

I've changed it to state if people want to use LE, they should email us stating so and we'll handle it. In theory we don't support any SSL services as it's a global standard and I personally still encourage the use of StartSSL as it's a lot more time efficient for us. With LetsEncrypt we spend a certain amount of time managing and renewing certificates which is an annoying downside about the service. The instructions for LetsEncrypt are really just 'point the domain to us and tell us you want to use LE and it's done'. John (talk) 15:35, 29 July 2016 (UTC)

Custom subdomain for my wiki[edit source]

nvm, jobs done, thanks miraheze :D

Emails not being delivered for CSR request[edit source]

Hi, I have tried again today to email a request for a CSR but again it has come back with a message: "Your email to Phabricator was not processed, because an error occurred while trying to handle it." This is in relation to discussion here: User_talk:Southparkfan#Add_custom_domain_assistance_please. Is there an issue with CSR requests at the moment or am I doing doing something wrong? Borderman  talk | contribs | email 20:31, 12 July 2016 (UTC)

It is most likely that it is a Phabricator issue, not that you did something wrong. The sysadmins will resolve the problem ASAP. Reception123 (talk) (contribs) 04:21, 13 July 2016 (UTC)
@Borderman and Reception123: This is an inherent problem with phabricator. Usually, incoming emails (to csr@) are automatically directed to Phabricator, and a private task is created for them. Unfortunately, if you have an account linked to the same email you sent the request from, Phabricator throws internal errors because it refuses to create a task that the author can't view. (Note that for every existing object anywhere, the 'task author' can always view this object). Try to request it from a different email or manually create a task on phabricator.miraheze.org -- Cheers, NDKilla ( TalkContribs ) 11:42, 13 July 2016 (UTC)
@NDKilla: Thanks for the explanation, I have sent another request from a different email. It didn't bounce back so it appears to have gone through ok. Borderman  talk | contribs | email 13:06, 13 July 2016 (UTC)
@Borderman: The task was created and I updated. I shifted it from the security place and put a custom policy in place where only members of the security project and you can view it. On the taks, could you please indicate what certificate authority you want to use for your certificate? If you want we can generate one with Let's Encrpyt but the domain will have to point to our servers before we can create the certificate, otherwise we will generate a CSR as normal. -- Cheers, NDKilla ( TalkContribs ) 13:16, 13 July 2016 (UTC)
@NDKilla: Thank you for your help. I would prefer it if you would generate one with Let's Encrypt for me, I know that way it will be done properly. The custom domain already points to your servers. Borderman  talk | contribs | email 13:27, 13 July 2016 (UTC)

Timing when moving an external Wiki to Miraheze[edit source]

Several actions need to be taken care of when moving an external wiki to Miraheze:

  • change DNS names
  • create miraheze wiki
  • create CRS and LE request
  • export database
  • import database

But I am a bit puzzled in what order this needs to be done. If I change the DNS now, my site becoems unavailable instantly. If I request SSL by LE now, it will be issued for the current website. I would like to keep the current website up and running until the last possible minute. Can you instruct me what to do? --Ruud habets (talk) 12:48, 6 September 2016 (UTC)

Per Southparkfan, "The wikis should be synced first, afterwards the original wiki should be read-only (if needed), and then domain indeed". Reception123 (talk) (contribs) 16:09, 6 September 2016 (UTC)
Thanx, I will see to that. --Ruud habets (talk) 13:24, 8 September 2016 (UTC)

WoSign and StartSSL untrusted on FF[edit source]

Mozilla is untrusting StartSSL and WoSign by FF51 release (and Apple/Google following Mozilla). I believe this is a good reason that we shouldn't accept new certificates from those CAs issued after 2016-10-21. — revi 08:00, 7 November 2016 (UTC)

Yes check.svg Updated MacFan4000 (talk) 12:31, 7 November 2016 (UTC)
For the record, @MacFan4000: this was a suggestion made by revi. He is a former staff member, so if he wanted to edit the page himself he would have done so. Please be sure that this is agreed on by other people before directly changing the page, that is what talkpages are for, discussion. Reception123 (talk) (contribs) 18:57, 7 November 2016 (UTC)

I would like a .tk instead of .miraheze.org[edit source]

This is Sjimenezch, from wikipuc.miraheze.org
Currently wikipuk.tk redirects to wikipuc.miraheze.org.
I would like to get a Custom Domain from dot.tk for Wikipuc using LetsEncrypt, more precisely, to have wikipuk.tk instead of wikipuc.miraheze.org
I know there is at least one wiki with a .tk, https://evelopedia.tk/wiki/About_EVE_Online
If there is anything I have to do, please tell me, because as some people I didn't understand the instructions on this article


Thank you

Created Phabricator:T1092 for tracking. Also make sure to point your domain to Miraheze's servers or else it won't work. --ImBoPhil (talk) 19:17, 1 December 2016 (UTC)


Ok, so currently wikipuk.tk redirects (HTTP 301 forwarding) to http://mw-lb.miraheze.org
Is that ok? What's next?
Also, the task on Phabricator was closed as duplicate. Is that ok?
Thank you

You have to create a CNAME type record (not a 301 redirect) or point the domain to our nameservers. -- Cheers, NDKilla ( TalkContribs ) 21:36, 1 December 2016 (UTC)