From 89e5a8b70d58bca46512eca936ffa2d49a692780 Mon Sep 17 00:00:00 2001 From: josh-konghq Date: Fri, 31 Jan 2025 13:39:05 -0500 Subject: [PATCH 1/2] Update custom-dns.md Updating Serverless for CAA instructions --- .../serverless-gateways/custom-dns.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/app/konnect/gateway-manager/serverless-gateways/custom-dns.md b/app/konnect/gateway-manager/serverless-gateways/custom-dns.md index d05b986e02c..5cd85edc2c9 100644 --- a/app/konnect/gateway-manager/serverless-gateways/custom-dns.md +++ b/app/konnect/gateway-manager/serverless-gateways/custom-dns.md @@ -36,3 +36,18 @@ title: Custom Domains for Serverless Gateways 1. In {{site.konnect_short_name}}, open {% konnect_icon runtimes %} **Gateway Manager**, choose a control plane to open the **Overview** dashboard, then click **Custom Domains**. 2. Click the action menu on the end of the row you want to delete and click **Delete**. + +## Custom Domain Attachment & CAA Record Issue + +If your custom domain attachment fails, check if your domain has a CAA record restricting certificate issuance. Serverless Gateways uses Let's Encrypt CA to provision SSL/TLS certificates. If your CAA record does not include the required CA, certificate issuance will fail. + +Steps to Fix: +1. Check existing CAA records + * Run: dig CAA yourdomain.com +short + * If a CAA record exists but doesn't allow Let's Encrypt (letsencrypt.org), update it. +2. Update the CAA record (if needed) + * yourdomain.com. CAA 0 issue "letsencrypt.org" +3. Wait for DNS propagation and retry attaching your domain. + +If no CAA record exists, no changes are needed. More details: [Let's Encrypt CAA Guide](https://letsencrypt.org/docs/caa/) + From 7ebb06495b8e712a9cc54a2851ae9dd9f9af835e Mon Sep 17 00:00:00 2001 From: Diana <75819066+cloudjumpercat@users.noreply.github.com> Date: Fri, 31 Jan 2025 14:43:07 -0600 Subject: [PATCH 2/2] Apply suggestions from code review --- .../serverless-gateways/custom-dns.md | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/app/konnect/gateway-manager/serverless-gateways/custom-dns.md b/app/konnect/gateway-manager/serverless-gateways/custom-dns.md index 5cd85edc2c9..565c7002f08 100644 --- a/app/konnect/gateway-manager/serverless-gateways/custom-dns.md +++ b/app/konnect/gateway-manager/serverless-gateways/custom-dns.md @@ -37,17 +37,16 @@ title: Custom Domains for Serverless Gateways 2. Click the action menu on the end of the row you want to delete and click **Delete**. -## Custom Domain Attachment & CAA Record Issue +## Custom domain attachment and CAA record troubleshooting -If your custom domain attachment fails, check if your domain has a CAA record restricting certificate issuance. Serverless Gateways uses Let's Encrypt CA to provision SSL/TLS certificates. If your CAA record does not include the required CA, certificate issuance will fail. +If your custom domain attachment fails, check if your domain has a Certificate Authority Authorization (CAA) record restricting certificate issuance. Serverless Gateways use Let's Encrypt CA to provision SSL/TLS certificates. If your CAA record doesn't include the required CA, certificate issuance will fail. -Steps to Fix: -1. Check existing CAA records - * Run: dig CAA yourdomain.com +short - * If a CAA record exists but doesn't allow Let's Encrypt (letsencrypt.org), update it. -2. Update the CAA record (if needed) - * yourdomain.com. CAA 0 issue "letsencrypt.org" +You can resolve this issue by doing the following: + +1. Check existing CAA records by running `dig CAA yourdomain.com +short`. + If a CAA record exists but doesn't allow Let's Encrypt (`letsencrypt.org`), update it. +2. Update the CAA record, if needed. For example: `yourdomain.com. CAA 0 issue "letsencrypt.org"` 3. Wait for DNS propagation and retry attaching your domain. -If no CAA record exists, no changes are needed. More details: [Let's Encrypt CAA Guide](https://letsencrypt.org/docs/caa/) +If no CAA record exists, no changes are needed. For more information, see the [Let's Encrypt CAA Guide](https://letsencrypt.org/docs/caa/).