[Domain Mapping] Enom registration

How are you today I hope you are doing well.
When I put in my account ID and password I get login credentials invalid. I contacted enom ams this was their reply.

Sky V (Enom)

May 28, 2:23 PM PDT

Greetings John,

Thank you for reaching out to Enom support.

Our Plesk/WP is part of a shared hosting environment, due to this we would not be able to provide our credentials for this plugin.
Please refer to WPMUDEV plugin support for alternative steps.

  • Adam Czajczyk

    Hello John

    I hope you're well today and thank you for your question!

    I'm not sure if I fully understand the issue. I see that you have assigned it to the Pro Sites plugin and the site's Multisite so I believe this is related to registration of the user account on your own site, is that correct?

    Can you please explain a bit more what exactly is happening, step-by-step? Also, would you please enable support access to your site so I could test the issue and check site's configuration? To enable support access please go to the "Network Admin -> WPMU DEV -> Support" page in your site's back-end and click on "Grant support access" button there.

    Looking forward for your reply,
    Adam

  • Adam Czajczyk

    Hello John

    Thanks for response and enabling support access.

    The message about invalid credentials usually mean one of two things:

    - either you're not using Test Account while the test mode is enabled in Domain Mapping settings
    - or your IP (your site's IP that you can find on "Settings -> Domain Mapping -> Mapping Options" page) needs to be "white-listed" at eNom.

    Could you please double-check (at your eNom reseller panel) these two things before we go any further with this? Let me know if that solves the issue or if we need to "dig deeper".

    As for certificate. I don't see any domain mapped on your site currently so I can't address the specific case but the general rule is:

    - you need a wildcard certificate for your main domain so it would cover the main site and all the sub-sites (if you wish mapped domains to be properly served over https, original sub-domains should also be protected by SSL cert)

    - then it depends on what is allowed by your host; ideally, there should be SNI support (you may want to consult that with your host) and in such case you just need a regular single SSL certificate for each mapped domain to be added.

    If there's no SNI support (so no multiple single certificates can be added), that gets a bit more tricky as you'd need a Multi-domain certificate that would cover all the domains and possible sub-domains on your site. That could be a bit expensive and surely very inconvenient as adding new mapped domain would require re-issuing certificate.

    However, most hosts nowadays do support SNI, some also have a nice integration with Let's Encrypt that pretty much automates certificate issuing and setup. That, however, is something that you'd need to consult with your host.

    Kind regards,
    Adam

  • Adam Czajczyk

    Hello John,

    I understand then that eNom is now working fine for you, right?

    As for the mapped domain. I see that it is mapped in Domain Mapping but when I try to visit that domain (regardless whether with https:// or http:// prefix) I'm being taken to some "host placeholder" page:

    That means that there's still something not quite right with domain(s) configuration. I have checked both domains: the main one and the mapped one and they both seem to be pointing to different IP's (both return two IPs associated and different for each of them). Additionally, IPs for the main domain doesn't seem to be dedicated IP(s).

    That might be causing issues here. Can you tell me please if you do have a dedicated or shared IP for your site, just so I'd be sure? Also, is there any CDN in front of the site? What is DNS configuration for the mapped domain?

    Kind regards,
    Adam

  • John

    I have read alot of threads on this domain about domain mapping and ssl. My question is if I want the ssl to work without a security warning for site https://domain1.com where do I add the ssl certificate for domain1.com. Do I add it at the registrar? Or do I add it on my site https://syntheticmotoroil.co. This is where I can't get a definitive answer.
    The multisite setup I'm using is https://syntheticmotoroil.com/subdomain/. I'm being cheap since autossl works with all subsites. And if the people I'm adding on are going to use domain mapping it shouldn't make a difference.

    The domain I'm going to try and map is syntheticdieseloil.co. Should I change the A record at the registrar, on cloudflare, or on my dedicated server by creating a site for syntheticdieseloil.co and change the A record there? to point to the custom ip address of syntheticmotoroil.co?

  • Adam Czajczyk

    Hello John

    I'm sorry but I'm even more confused with the setup now. In this case, let me try to summarize the "mapping/ssl" general "rules" first and let's see how this applies to your case, ok?

    IP and mapped domains' setup

    First thing is whether the WordPress install - the main domain - is using a dedicated IP. By "dedicated" I mean a static IP that's used only by this specific domain. Ignoring the SSL part for now, that's important because of the way you're going to configure mapped domains.

    If it's a dedicated IP, you need first to make sure that the IP is properly configured. This means that it has to be set up in a way that when you type in an IP to the browser bar, it does load the main site of your Multisite. It shouldn't be a redirect, it's usually achieved by configuring a webserver - "document root" ("root folder") to be exact.

    If this is working, all that's got to be changed for mapped domain is to set its A record to point to that IP, then wait for DNS to be fully propagated and then just add the domain in Domain Mapping.

    If the IP is not dedicated (it's shared), this way will not work and instead each domain that you want to map needs to be added to your server as an add-on or parked domain (usually - add-on domain in cPanel). For add-on domains a "root folder" can be set and it should be set to be the very same path as for main domain of your Multisite. In other words: when you type the "mapped domain" into the browser address bar before adding it to Domain Mapping it must be loading the main site of your Multisite (no forward or redirect). Then, you add that domain in Domain Mapping as mapped domain.

    That's the first step.

    Sub-domain vs. sub-folder Multisite

    There are two types of Multisite install: a sub-domain and a sub-folder one. The first one means that all sub-sites will be created as sub-domains (e.g. subsite1.domain.com) and the second one means that all sub-sites will be created as sub-folders (e.g. domain.com/subsite1).

    One important thing is that if if it's a sub-domain kind of install, it cannot itself be in a sub-folder: you can't have main site at e.g. domain.com/main and the sub-site at subsite.domain.com/main or subsite.domain.com.

    But if you got a main site at "domain.com" that's fine and you can use any of these setups.

    3. SSL for original domain (not mapped domains)

    If it's a sub-folder install you just need a regular, single domain cert for you main domain. This will cover main site of the Multisite and also all the sub-sites.

    If ti's a sub-domain install, you need a wild-card certificate for you main domain. Installation of such certificate is the same as installation of a regular "non-wild-card" cert. However, you will want to make sure that sub-sites are actually set for HTTPS connections so once you create a sub-site, go to "Network Admin -> Sites" page, click on "Edit" link for the sub-site, then switch to "Settings" tab and make sure that both "Siteurl" and "Home" options' values (these are URLs) start with "https://"prefix. This will cause them to work over HTTPS connection and if you got a wild-card SSL installed, that would make them SSL-secured.

    SSL for mapped domains

    The point is that original addresses should already be protected by HTTPS, otherwise it can cause either redirect loops or insecure content. Therefore, first you need to take care of aspects described above.

    Then, if you want a mapped domain to be SSL-secured you need to install a certificate for that mapped domain. You will want to make sure that your server supports SNI but that's quite common thing nowadays, fortunately. If it does, you just add a regular single domain certificate (where the cert is issued for the "mapped" domain) to your server and that's it.

    SSL certificate issues

    You are installing certs on your own server. That's usually your dedicated IP or your - very same that is used for main site - hosting account. CloudFlare should be transparent.

    If you only have a wildcard for you main domain then your mapped domain will not be SSL-secured, it's impossible due to how SSL certification works. The sub-site, if reached via original address will be secure but if reached via mapped domain - it will give security warnings in browser or mixed-content errors and/or CORS policy errors.

    If you have wildcard for your main domain and a regular cert for your mapped domain - or alternatively you got a multi-domain cert that covers all the domains at once - then both original and mapped domains can be set to go over HTTPS connection and would be SSL-secured.

    There might be some additional issues if it comes to "mixed-content" errors, even if all the requirements described above are met but that's another things that needs to be checked on a specific site (those are usually things like e.g. some image URL "hard coded" in CSS with https:// prefixed URL etc).

    I hope that explains how this works a bit and if you have any additional/follow-up questions, let me know please.

    Kind regards,
    Adam

  • John

    Hi Adam, first of all thanks for answering my questions directly without that typical hope you are doing well today. I find that annoying.

    You said you were confused but your answers were pretty much spot on. I'm 90% there with just a few more reiterations.

    One is the custom ip address. When I type that in like so: https://customipaddress it does direct me to the site with a security warning which makes sense because the certificate is for the domain not the ip address. So that part is answered.

    Question 2: Sub-folder vs subdomain. This site syntheticmotoroil.co is set up as a subfolder and amsmotoroils.com is set up as a subdomain. The subfolder is working fine with ssl becuase one of my mapped domains syntheticdieseloil.co has been added to cloudflare. My question is, is it working because it's using cloudflare's ssl certificate or because it's a subfolder install? I don't mean the multisite was installed in a subfolder just that the multisite is using subfolders. I did not upload an ssl certificate for the mapped domain syntheticdieseloil.co. But no ssl warnings here.

    So are you saying with the subdomain setup (amsmotoroils.com and yes I have a wildcard certificate installed) all mapped domains need their own ssl certificate uploaded to my server via whm? Not in to the domain's own cpanel account? Because if the site is mapped to amsmotoroils.com they don't need their own cpanel account I presume is correct. If I added the mapped domain to cloudflare I presume their ssl won't work because it's a subdomain install, is this correct?

    I also like the add-on domain set up so I think what you're saying is when I add the domain as an add-on I don't give it a sub-folder like so: https://maindomain/addondomain/ it would also just go the public_html folder.

    If these are correct then I should be good to go.

    This is by far the best explanation I have come across. You explained it to me realizing i have no experience whatsoever. Thanks Again.

  • John

    Okay I created nameservers pointing to the dedicated ip address for domain amsmotoroils.com (which uses the subdomain multisite install) and created an add-on domain https://preferredcustomerdiscount.com pointing to the amsmotoroils.com/public_html directory and cpanel created an autossl for that one also without using cloudflare. The domain works perfectly with ssl.

    Now I'm going to try it without a parked domain but the site needs overnight to propagate I guess. Will keep you posted.

  • Adam Czajczyk

    Hello John

    Question 2: Sub-folder vs subdomain. This site syntheticmotoroil.co is set up as a subfolder and amsmotoroils.com is set up as a subdomain. The subfolder is working fine with ssl becuase one of my mapped domains syntheticdieseloil.co has been added to cloudflare. My question is, is it working because it's using cloudflare's ssl certificate or because it's a subfolder install? I don't mean the multisite was installed in a subfolder just that the multisite is using subfolders. I did not upload an ssl certificate for the mapped domain syntheticdieseloil.co. But no ssl warnings here.

    Yes, that's fine. If you're using CloudFlare's SSL that's okay. First, for the original domain (sytheticmotoroil.co in his case) any regular certificate will work. There's no need for wild-card certificate as "technically speaking" a sub-folder is a part of the main domain. Then, you got the mapped domain SSL-certified via CloudFlare as well so together it gives you a nice and easy protection.

    So are you saying with the subdomain setup (amsmotoroils.com and yes I have a wildcard certificate installed) all mapped domains need their own ssl certificate uploaded to my server via whm? Not in to the domain's own cpanel account? Because if the site is mapped to amsmotoroils.com they don't need their own cpanel account I presume is correct. If I added the mapped domain to cloudflare I presume their ssl won't work because it's a subdomain install, is this correct?

    Actually, not quite :slight_smile: If you add the mapped domain to CloudFlare then - since the original domain and sub-domains are already protected - the CloudFlare SSL should work just fine here. In other words: if a mapped domain is put through the CloudFlare and you enable SSL cert on CloudFlare for that mapped domain that should work just fine.

    That is, unless you do not want to use CloudFlare's certification and would want to use some other certificates instead. In such case you will need them on your server and yes - each mapped domain would need its own cert uploaded to it.

    One more question pertaining to the addon/parked domains. Do they still need a custom a record pointing to the main sites IP address or just have their nameservers pointing to the main site's IP address?

    No, that's not necessary. They only need a "document root"/"root folder" to be set to the main domain's /public_html path.

    Okay I created nameservers pointing to the dedicated ip address for domain amsmotoroils.com (which uses the subdomain multisite install) and created an add-on domain https://preferredcustomerdiscount.com pointing to the amsmotoroils.com/public_html directory and cpanel created an autossl for that one also without using cloudflare. The domain works perfectly with ssl.

    Yup, that's yet another option, it's perfectly valid an should work just fine.

    Best regards,
    Adam

  • John

    This post is just to make a clarification for anybody who has a multisite subdomain set up. That is https://subsite1.mydomain.com and autossl on their server or shared hosting account.

    If you are going to map every subdomain and I mean every single one and set it up as an add-on (alias) or parked domain (with comodo the limit is 100 add-on/parked domains) and have it point (this is in Cpanel) to mydomain.com/public_html they will work fine without a wildcard certificate. That is won't show a non trusted security warning. If one of the subdomains isn't mapped that will show a security warning. The mapped domains will also work if setup in cloudflare if you don't have autossl on your server. Cloudflare will issue your domains a shared ssl certificate.
    I still recommend a wildcard certificate for the subdomain set up because you won't know if everybody wants to alias their subdomain (i.e. wordpress.com).

    One more thing is if you set up a multisite on a shared IP address you must add every mapped domain as an add-on/parked domain pointing to mydomain.com/public_html.

  • wp.network

    Hey John reading your thread here really strongly reminded me of when I started messing with Multisite... was relatively new to web development and really jumped in to the deep end of the pool :wink:

    So, Adam Czajczyk was obviously right on deck with some really thorough support and you seem to have gotten through the patch you were in... that being, I thought I'd mention a few things...

    Firstly, learn to use the chrome/firefox/etc. 'developer tools' bcs this will be endlessly helpful in understanding/working with this stuff - and, you can easily check the details of a ssl certificate (eg. who issued it, what names it covers, etc.) in most browsers by clicking the lock icon in the nav bar (then click on 'certificate' or 'more info' as case may be...).

    Secondly, you might want to read these attached ebooks, several times - these used to be available directly, now you can support the author via https://www.amazon.com/Mika-Epstein/e/B008BWA3E2/ref=sr_ntt_srch_lnk_1?qid=1509860485&sr=8-1 (if you are able).

    And, lastly, though some of it might be a bit beyond... since you're on cPanel you might look at https://premium.wpmudev.org/forums/topic/autossl-domain-mapping#post-1322227 ...tl;dr: esp re AutoSSL, use addon domains for mapped domains; and consider choosing a 'service' domain to use for the cPanel account primary domain so that the domain name used for the WP network primary domain is actually just an addon domain :wink:

    Cheers, Max

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.