Have you set a validation record but are not seeing it update in ActiveDEMAND after 24 hours? Your domain may have a CAA record that prevents an SSL certificate from being issued.
What is a CAA?
CAA (Certificate Authority Authorization) is a DNS record that allows the domain owner to specify which certificate authorities are allowed to issue an SSL certificate for your domain.
Why is this Important?
Adding a CAA record to your domain gives you an extra level of security. It prevents unauthorized or fraudulent certificates to be issued for your domain. We recommend all domains are setup with a CAA record.
What you need to do
When you are setting up SSL in ActiveDEMAND, you will need to add AWS to your CAA trusted list. To do this, add the following to your record:
- 0 issuewild "amazon.com"
- 0 issuewild "amazontrust.com"
- 0 issuewild "awstrust.com"
- 0 issuewild "amazonaws.com"
Does my domain have a CAA record?
You can use one of the following tools to lookup your domain and see what CAA records (if any) are set:
https://www.nslookup.io/caa-lookup/
https://caatest.co.uk/
Comments
Please sign in to leave a comment.