SSL CA issue

Having trouble with this issue - any solution?

That’s a pretty old article, but those records are supported here. Ivan Ristic’s Hardenize website can test your domain’s CAA records.

What issue?

CAs are required to check for and respect CAA records. If you create any CAA record, then Cloudflare will automatically add all the CAA records that they need to authorise certificates for the zone.


When you run an SSL check (SSL Server Test: dtunicornfund.com, Powered by Qualys SSL Labs), it shows an orange field: DNS CAA No (more info)

When you click more info - it shows CAA Mandated by CA/Browser Forum | Qualys Security Blog

A client sent a Firefox malicious warning message preventing him from viewing the site at all. The client site is a fund so it’s important to have any issues resolved.

Here is a photo that the client sent:

The SSL is from Cloudflare.

I’ve been running SSL from Cloudflare on multiple client sites and have never encountered an issue.

For reference the client site is https://dtunicornfund.com

That domain is not active on Cloudflare. The hosting is on GCP. The only certificates on that domain are from LE.

The CAA is just informational, and the browsers do not care about it. It is a signal from a domain owner to Certificate Authorities when issuing a certificate, and has no other meaning.


And the issue is that the certificate is not valid for www.dtunicornfund.com, only for dtunicornfund.com

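The hostname mismatch identified in the reply above can be checked before a client hits the browser warning. This is an added example, not part of the original thread: a Python sketch of certificate name matching against a subjectAltName list, where the function names and both SAN lists are constructed for illustration (the first mirrors the apex-only certificate described above, the second is an assumed apex-plus-wildcard certificate).

```python
# Added example: which served hostnames does a certificate's SAN list cover?
# Matching follows the usual browser rules: names compare case-insensitively,
# and a wildcard is honoured only as the whole leftmost label, where it
# stands for exactly one label (so it never covers the bare apex).

def _labels(name):
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """Return True if one SAN dNSName entry covers the hostname."""
    host, pat = _labels(hostname), _labels(san)
    if len(host) != len(pat):
        return False  # "*" cannot absorb zero labels or several labels
    if pat[0] == "*":
        # Refuse over-broad patterns such as "*.com".
        return len(pat) >= 3 and host[1:] == pat[1:]
    return host == pat  # partial wildcards ("w*") are treated as literals

def uncovered(hostnames, sans):
    """Return the hostnames that no SAN entry covers."""
    return [h for h in hostnames
            if not any(san_matches(h, s) for s in sans)]

# Hostnames the site is reached under (from the thread).
SERVED = ["dtunicornfund.com", "www.dtunicornfund.com"]

# Constructed SAN lists, not read from any live certificate.
APEX_ONLY = ["dtunicornfund.com"]
APEX_PLUS_WILDCARD = ["dtunicornfund.com", "*.dtunicornfund.com"]

if __name__ == "__main__":
    for label, sans in (("apex only", APEX_ONLY),
                        ("apex + wildcard", APEX_PLUS_WILDCARD)):
        missing = uncovered(SERVED, sans)
        print(f"{label}: {'all names covered' if not missing else missing}")
```
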

Ok, huge error on my part - needs to be moved to Cloudflare. If it was on Cloudflare, the SSL should work on both www and dtunicornfund.com - right?

Yes. And you should put a page rule in place to do the redirect from www to dtunicornfund.com.
