Let's Encrypt "validations" expire after 30 days, and given the 90 days expiration of certificates,

Let's Encrypt "validations" expire after 30 days, and given the 90 days expiration of certificates, they are typically being renewed, when there is 30 days (or less) left on the previous certificate, meaning around every 60 days.
The TXT would therefore need to be changed at least once every 60 days for that reason.

You SHOULD be able to set it up with the DCV Delegation to avoid having to change it all the time, for you customer's setup with your SaaS configuration.

However, the DCV Delegation could be a Catch-22, and come with similar consequences:

If your customer is creating a CNAME (or other records) on the

_acme-challenge

_acme-challenge

label for e.g. Let's Encrypt validations, then their set up with any other provider trying to issue certificates (and depending on the same DNS record label for that) may cause them to break the set up with you, when they are trying to fix the issuance problem they're ending up with on their other provider, and vice versa.

DDarkDeviL Let's Encrypt "validations" expire after 30 days, and given the 90 days expirati...

Chaika•3/25/24, 4:54 PM

could also just use http validation

CChaika could also just use http validation

DarkDeviLOP•3/25/24, 4:59 PM

That might indeed be a potential alternative.

I was focusing on the TXT here, because TXT was being mentioned, and questions were made about automation.

Burrito•3/25/24, 5:17 PM

Hmm, so with a TXT record I'd have to contact customers and have them update it every 2 months?

Burrito•3/25/24, 5:18 PM

With DCV Delegation I wouldn't have to, but that comes with its own problems as it takes up the

_acme-challenge

_acme-challenge

CNAME.

DarkDeviLOP•3/25/24, 5:50 PM

Something like that, yeah.

Some providers are requesting the

_acme-challenge

_acme-challenge

to be pointed via CNAME to them, others are requesting it to be done through NS records, but using the DNS records that way always come with that Catch-22 / caveat - fixing it for the one provider, but braking it for the other.

chintu•3/25/24, 5:50 PM

how to check my wordpress website outage due to cron job run or anyother issues

DarkDeviLOP•3/25/24, 5:50 PM

HTTP validation as Chaika mentioned above could be the alternative you're looking for.

crane•3/25/24, 6:06 PM

Hello everyone

marksfrancis•3/25/24, 6:39 PM

Where would I find some reference architecture / documentation describing how to set up Cloudflare for multiple teams deploying independent services?

Context:
I have multiple teams who own their own services / applications (including workers, D1, whatever else they might need for their service) and I want to manage the landscape.

Ideally, I want to control access to avoid foot-guns (developers using services that we don't use), have centralised billing (which only finance users can manage, not individual developers), have some sort of process for granting production access to things like D1 (e.g. break glass scenario), and to avoid duplicate work (like WAF setup) wherever possible.

Similar things from other cloud providers:

AWS Well Architected framework / Control Tower
Azure Well Architected framework / Landing Zones

Pprender who can I contact about enterprise plan? do enterprise partner give significantl...

Hello, I’m Allie!•3/26/24, 9:51 AM

https://www.cloudflare.com/plans/enterprise/discover/contact/

Contact Enterprise Sales | Speak to an Expert | Cloudflare

Contact Cloudflare enterprise sales today to gain access to advanced features. Discover the advantages of Cloudflare's connectivity cloud for enterprises.

Sohaib Muhammad•3/26/24, 11:12 AM

can you help me with this workers.api.error.no_access_to_browser_worker [code: 10088]

Sohaib Muhammad•3/26/24, 11:13 AM

Sohaib Muhammad•3/26/24, 11:16 AM

i am on free plan, do i need paid plan or from where i can enable this

Sohaib Muhammad•3/26/24, 11:19 AM

is there any way we can use puppeteer in worker if access is not granted ?

Sohaib Muhammad•3/26/24, 11:19 AM

how can i request access, can you give a link

Sohaib Muhammad•3/26/24, 11:20 AM

thanks much appreciated

Ori•3/26/24, 12:43 PM

Hi,
I have a question and I hope someone here may give me some insight

I need to retrieve Audit Logs for an account via the Cloudflare API (endpoint is https://api.cloudflare.com/client/v4/accounts/account_id/audit_logs). The problem is that I can't find which permission I need to give the API token I'm creating to get access to the resource. Every permission I've tried until now gives me an 10000 Authentication Error response. I hope someone could help me find the exact permission I need. Thank you

dave•3/26/24, 2:11 PM

Does Cloudflare (or anyone I guess) have a simple HTTP server that echoes back what HTTP request headers were seen?

kian•3/26/24, 2:11 PM

There's a

http-echo-server

http-echo-server

on npm iirc

kian•3/26/24, 2:11 PM

Just

npx http-echo-server

npx http-echo-server

dave•3/26/24, 2:11 PM

a public one ideally

kian•3/26/24, 2:11 PM

https://httpbin.org/anything

dave•3/26/24, 2:12 PM

perfect, thank you!

Razor101•3/26/24, 2:28 PM

:durable_objects:

Giovani•3/26/24, 2:39 PM

Hey am new

Stulla•3/26/24, 4:06 PM

Are Paypal and Bank the only ways to renew domains? I am having issues with both (unrelated to renewal) .

x03•3/26/24, 4:15 PM

@Isaac McFadyen I also prefer to use sessions over JWT because I want to implement a way to view all of your sessions and where they're logged in from

x03•3/26/24, 4:15 PM

and allow users to terminate sessions

Isaac McFadyen•3/26/24, 4:16 PM

Ah, yeah. That's totally valid.

x03•3/26/24, 4:16 PM

I guess I have two options now, either switch from KV to D1 for storing sessions, or just swap to a VPS

Isaac McFadyen•3/26/24, 4:16 PM

Yeah, D1 seems like a good alternative to KV for this.

x03•3/26/24, 4:16 PM

my main reason for storing sessions in KV was because of the expiration feature and the speed at which you can access data

Isaac McFadyen•3/26/24, 4:17 PM

You could also use BetterKV. It's regular KV but then uses the Cache API to reduce the number of reads you're billed for.

x03•3/26/24, 4:17 PM

is BetterKV a cloud provider

Xx03 is BetterKV a cloud provider

Isaac McFadyen•3/26/24, 4:17 PM

Nope, it's a NPM package.

Isaac McFadyen•3/26/24, 4:17 PM

Sec.

Isaac McFadyen•3/26/24, 4:17 PM

https://flareutils.pages.dev/betterkv/

Isaac McFadyen•3/26/24, 4:18 PM

Part of Flareutils: https://flareutils.pages.dev/

x03•3/26/24, 4:18 PM

Ah even better

x03•3/26/24, 4:18 PM

I'm still a little sad I made my whole project work on Cloudflare just to realize the pricing would absolutely kill me because of the checks I do in the middleware