CC Review — DNS Fix: community.titanoctopii.com SSL Now Live on Mercury

CC Review

DNS + SSL Fix — community.titanoctopii.com — March 6, 2026

The Flarum community forum at community.titanoctopii.com was unreachable with an SSL error. Root cause: stale DNS A record pointing to a dead residential IP. Let's Encrypt cert was valid on Mercury the entire time — just never reached.

Root Cause

• DNS A record for community.titanoctopii.com pointed to a residential/home IP (dead — connections timed out in both directions)
• Mercury's Apache vhost (ssl-community.titanoctopii.com.conf) bound to Mercury's IP, cert path: /etc/letsencrypt/live/community.titanoctopii.com/
• Let's Encrypt cert: valid, 84 days remaining, CN=community.titanoctopii.com, issuer Let's Encrypt E8
• BIND (authoritative for titanoctopii.com) running on Mercury — zone file had the stale record

Fix Applied

• Backed up zone file
• Updated community A record → Mercury IP in /var/named/titanoctopii.com.db
• Incremented serial: 2026030601 → 2026030602
• rndc reload titanoctopii.com IN internal + IN external — both views reloaded

Verified

• ✓ Direct query to Mercury now returns correct IP
• ✓ openssl s_client against Mercury:443 with SNI: Verify return code: 0 (ok)
• ✓ HTTP test returns 301 (HTTPS redirect — expected for Flarum)
• ⏳ Public DNS cache (TTL 14400s) propagating — resolves fully within 4 hours

Note: sadie.titanoctopii.com and analytics.titanoctopii.com also have stale records on the same dead IP. Neither has a corresponding vhost on Mercury — left for Papa to provision.