CAA records are not only for users of Cloudflare DNS #6925

Merged
merged 3 commits into from Apr 28, 2020

davidfischer
Contributor

@davidfischer davidfischer commented Apr 17, 2020

This change moves the CAA record note out of the Cloudflare note. Users of any DNS provider can configure CAA records which prevent us/Cloudflare from issuing SSL certificates.

I also noted that if somebody has a CAA record for the root domain, it also applies to the subdomain.

This change moves the CAA record note out of the Cloudflare note.
Users of any DNS provider can configure CAA records
which prevent us/Cloudflare from issuing SSL certificates.
@davidfischer davidfischer requested a review from Apr 17, 2020
@ericholscher
Member

@ericholscher ericholscher commented Apr 17, 2020

I wonder if we should move some of these into a troubleshooting section, instead of inside the main .org docs for this?

@davidfischer
Contributor Author

@davidfischer davidfischer commented Apr 17, 2020

> I wonder if we should move some of these into a troubleshooting section, instead of inside the main .org docs for this?

CAA also applies on .com although customers will need to add Amazon to the CAA records.

@ericholscher
Member

@ericholscher ericholscher commented Apr 20, 2020

> CAA also applies on .com although customers will need to add Amazon to the CAA records.

Right, but currently it's only shown in the .org tab of the docs. We should probably add a troubleshooting section that mentions this, and has tabs for the proper config for .com/.org as we do for custom domains.

https://docs--6925.org.readthedocs.build/en/6925/custom_domains.html#custom-domain-support

@davidfischer
Contributor Author

@davidfischer davidfischer commented Apr 22, 2020

I added a separate CAA admonition for Amazon in the RTD for Business tab.

@@ -63,22 +63,26 @@ You can also host your documentation from your own domain.
they do not yet allow us to acquire SSL certificates for those domains.
Follow the new setup to have a SSL certificate.

.. warning:: Notes for Cloudflare users
.. admonition:: Certificate Authority Authorization (CAA)
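Review bot: on the `.. admonition:: Certificate Authority Authorization (CAA)` line, the generic admonition sits where `.. warning:: Notes for Cloudflare users` stood, so the note no longer renders as a warning although it describes a record that prevents certificate issuance. Consider keeping warning-level styling (for example `:class: warning` under the directive), and have the admonition body name the exact CAA value users must add rather than relying on the title alone.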
Member

@ericholscher ericholscher Apr 27, 2020

We should explicitly mention what record users need to add. The Cloudflare docs on this aren't super useful, having just walked a user through it. I believe we need the digicert records.

Should we consider migrating to Let's Encrypt? Everyone I've seen that has misconfigured this has set it to LE, so it might solve a lot of the issues.

Member

@ericholscher ericholscher Apr 27, 2020

I pushed a small patch to add this.

@ericholscher ericholscher merged commit f90cf35 into master Apr 28, 2020
2 checks passed
@ericholscher ericholscher deleted the davidfischer/caa-records-not-cloudflare-specific branch Apr 28, 2020
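
As an added example (not code from this pull request or from Read the Docs), the following Python applies the RFC 8659 CAA lookup to a constructed record set, showing why a CAA record on the root domain also governs a subdomain and blocks any CA it does not list. The zone data and issuer names are sample values, and only non-wildcard names and the `issue` tag are covered.

```python
# Added example: RFC 8659 CAA lookup over a constructed, in-memory record set.
# Covers non-wildcard names and the "issue" tag only.

# Constructed sample data: owner name -> list of (tag, value) CAA records.
SAMPLE_CAA = {
    "example.com": [("issue", "letsencrypt.org"),
                    ("iodef", "mailto:sec@example.com")],
    "locked.example.net": [("issue", ";")],
    "example.net": [("issue", "digicert.com")],
    "example.org": [("iodef", "mailto:sec@example.org")],
}


def relevant_rrset(fqdn, records):
    """Climb from fqdn toward the root; return (owner, rrset) of the first CAA set."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if records.get(owner):
            return owner, records[owner]
    return None, []


def issuer_of(value):
    """Issuer domain from an issue value, dropping ';'-separated parameters."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(fqdn, ca_domain, records):
    """Return (allowed, owner) for the CA identified by ca_domain."""
    owner, rrset = relevant_rrset(fqdn, records)
    issue_values = [v for tag, v in rrset if tag.lower() == "issue"]
    if not issue_values:
        # No CAA set anywhere on the path, or only non-restricting tags (iodef).
        return True, owner
    # An 'issue ";"' record yields an empty issuer name, which matches no CA.
    allowed = ca_domain.lower() in {issuer_of(v) for v in issue_values}
    return allowed, owner


if __name__ == "__main__":
    for name, ca in [("docs.example.com", "digicert.com"),
                     ("docs.example.com", "letsencrypt.org"),
                     ("docs.locked.example.net", "digicert.com")]:
        print(name, ca, may_issue(name, ca, SAMPLE_CAA))
```

The returned owner name is the record set that decided the result, which is the one a domain owner has to edit when issuance is refused.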