Automatic Renewals for Custom Hostnames - Which DCV record?

What is the name of the domain?

example.com

What is the issue you’re encountering?

How to enable DCV renewals for customer hostnames and certificates

What steps have you taken to resolve the issue?

I want to verify that the way I’m setting up Custom Hostnames for my customers is correct.

Assume my SaaS product is located at www.my-saas.app and my customer will use a subdomain, e.g. my-customer.saas.app.

My customer wants to use the address portal.my-customer.com

So far, I have issued the following DNS entries to my customers:

portal.my-customer.com CNAME my-customer.saas.app

_acme-challenge.portal.my-customer.com TXT G2ycNtv3R_XXXX

_cf-custom-hostname.portal.my-customer.com TXT 32923557-YYYY

This works, and the SSL cert is issued, but I think I’m missing the DCV for renewals. The help area of the Custom Hostnames indicates I should also send my customer:

_acme-challenge.portal.my-customer.com CNAME portal.my-customer.com.XXX.dcv.cloudflare.com

But the docs (https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/delegated-dcv/#setup) list the setup as:

_acme-challenge.my-saas.app CNAME my-saas.app.portal.my-customer.com

Can anyone clarify what record I need to give my customers so renewals happen automatically?

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full
