- Le plus récent
- Le plus de votes
- La plupart des commentaires
Solved my own question, maybe it is CloudFlare who suddenly sets CAA automatically on the root domain and that's what prevents our CI pipeline from invoking ACM validation.
So our problem is essentially a misconfiguration on wildcard subdomains, such that the line below is wrong
* CAA 0 issue amazon.com
and instead we should use
@ CAA 0 issuewild amazon.com
Edited by: iLake on Oct 22, 2019 12:15 AM
Hi, so you only setting for "amazon.com"?
How about amazontrust.com , awstrust.com , amazonaws.com?
Can you share your screenshot from CloudFlare please? I'm still having CAA error :(
Notice the difference between @ versus * for the wildcard. It should be @.
Here is an example:
After saving, it looks like so:
Using dig on the cli, you should see something like so (notice "amazon.com" on the first line):
dig +short CAA benfran.com | sort
0 issue "amazon.com"
0 issue "comodoca.com"
0 issue "digicert.com; cansignhttpexchanges=yes"
0 issue "letsencrypt.org"
0 issue "pki.goog; cansignhttpexchanges=yes"
0 issuewild "comodoca.com"
0 issuewild "digicert.com; cansignhttpexchanges=yes"
0 issuewild "letsencrypt.org"
0 issuewild "pki.goog; cansignhttpexchanges=yes"
I only had to specify the one Amazon CA, "amazon.com" not all four. That aligns with the documentation too:
...a CAA record that specifies one of the following four Amazon CAs...
https://docs.aws.amazon.com/acm/latest/userguide/setup-caa.html
Contenus pertinents
- demandé il y a 7 mois
- demandé il y a 10 mois
- demandé il y a un an
AWS OFFICIELA mis à jour il y a 2 ans- AWS OFFICIELA mis à jour il y a 3 mois
