Linking DNS to ycode shows that CAA is active, which is not

Hello Guys, thanks in advance for the help.

Linking new site on DNS, (ycode) , it finds the records but shows: CAA record found for domain.

Which i do not have any CAA or services that block…

Any ideias ?

Cloudflare will add CAA records in one of two situations.

  1. You enable AMP Real URL or SXG Signed Exchanges. CAA is mandatory for these features to work, so Cloudflare will transparently add the CAA records required for these features to work.
  2. If Universal SSL is enabled and you add any CAA record, then Cloudflare will add the CAA records required for Universal SSL Certificates to be issued.

If either of these apply and you are trying to issue certificates for your domain outside of Cloudflare then you will need to add appropriate CAA records. I recommend as a best practice that you manually add CAA records for any certificate authorities you use even if they are being automatically added by Cloudflare.

Thanks Michael !

but no, did not activated any of those, it was working on previous hostgator website…

Can you share the domain?

Can you verify that neither SXG nor AMP Real URL are enabled on the dashboard: https://dash.cloudflare.com/?to=/:account/:zone/speed/optimization/other

Sure ! its OneMenu.com.br

DNS is set to 34.78.38.148

ycode,

I tried do add a CAA on DNS here, but it did not work.

Can you share a screenshot of what you are trying to add?

The DNS records indicate that SXG or AMP Real URL are enabled. Have you checked whether or not they are enabled using the link I shared previously.

% dig +short CAA OneMenu.com.br
0 issue "letsencrypt.org"
0 issue "digicert.com; cansignhttpexchanges=yes"
0 issue "pki.goog; cansignhttpexchanges=yes"
0 issuewild "comodoca.com"
0 issuewild "letsencrypt.org"
0 issuewild "pki.goog; cansignhttpexchanges=yes"
0 issuewild "digicert.com; cansignhttpexchanges=yes"
0 issue "comodoca.com"

Hi Michael ! thanks for all the help.

Yes! i did notice that the AMP was on !

Sure here is a print

According to their documentation, Ycode does not support CAA. So you will have to disable both SXG and AMP in Cloudflare. This will remove the CAA records.

It would be better if Ycode just documented what CAA values they required, rather than saying “it does not work so delete CAA records”.

2 Likes

Thank you so much for the help and sorry for the delay .

i email the ycode team, they replyed;
""Yes, you are right, we should write what CAA values to use.
In our case we use [letsencrypt. org] for SSL certificates on Ycode. So your CAA record should be something like this:

CAA 0 issue "[letsencrypt .org]

also, i deactivated the AMP, and still…

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.