even if the custom hostname is not managed by Cloudflare?
even if the custom hostname is not managed by Cloudflare?
Rlet;s say the Customer has it at GoDaddy
RThis is what i see in the CF docs
CThat is about the original version for SSL for SaaS which was completely different and weird
CYou can't use HTTP DCv for prevalidation (before they add the CNAME) for.. obvious reasons but see
https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/
https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/
Cloudflare is able to serve a random token from our edge due to the fact that site.example.com has a CNAME in place to $CNAME_TARGET, which ultimately resolves to Cloudflare IPs. If your customer has not yet added the CNAME, the CA will not be able to retrieve the token and the process will not complete.
We will attempt to retry this validation check for a finite period before timing out. Refer to Validation Retry Schedule for more details.
Cthe custom hostname is managed by Cloudflare since it points to your Cloudflare zone and goes through CF's CDN
RSo just tell the customer hey point your domain ar this CNAME and that is all?
CIt's an option. It's also how Pages and R2 work. It means there will be some downtime if they're switching providers before the cert is issued (and if they have CAA records blocking it, it might never work and therefor cause more downtime before you realize that, you could check for CAA records on your end tho/put them on the cname target hostname
C*Pages and R2 can avoid downtime if pointing to a CF zone because CF for SaaS will use your Universal or any adv/custom cert while the CF For SaaS one is pending
RHow can the caa be in the target hostname? All i was able to find on CAA is this, that the customer needs to add this 3 ones
https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting/
https://developers.cloudflare.com/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting/
Cyou set CAA records up on your end on the hostname they point to
Ccustomer.example.com -> fallback.saasprovider.com
fallback.saasprovider.com would have CAA records, those 3 it wants
fallback.saasprovider.com would have CAA records, those 3 it wants
Cnote: That would only work if they do not hide the CNAME, some DNS Providers offer ALIAS records to resolve the cname down to a/aaa records (and this is required for apex/root CNAMEs)
CCAA is a type of DNS record that allows site owners to specify which Certificate Authorities (CAs) are allowed to issue certificates containing their domain names. It was first standardized in 2013, and the version we use today was standardized in 2019 by RFC 8659 and RFC 8657. By default, every public CA is allowed to issue certificates for any...
Cit's not something required by any means, but it could help you avoid the situation where you have a customer who has CAA records on their domain restricting your issuance
RAh, thank you very much on your help 
RIn CF the tag should be
only allows specific hostnamesFor the caa yea
Rso it would look like this right?
H#cf1-general
4Hey there, I configured an access policy to only allow certain emails but when I test it I can connect using other emails (also tried on app not just test page). am I doing something wrong
4Setting allowed domains to @mydomain.ca and @mydomain.org just gives me the following:
4I added
Get a login code emailed to you
Bgm
Bquestion about using a cloudflare worker for hosting metadata and getting an error if there are any devs in here or someone can point me in the right direction
OHello! I just added a website to cloudflare and it is timming out. This is a website hosted at AWS. Is there a trick to make it work? https://mortgageloansaz.com/
DHi, so what're the differences between Jekyll (for Github) and wrangler for CF?
Zhello
Shello
SI use Telekom Romania internet with IP 178.138.33.238, I cannot acces Cloudflare IPs [188.114.96.3] [188.114.97.3] from several days.
Sit's ISP problem?
Ii'm not quite sure what you mean with accessing those IPs
Ithose are 2 US colo IPs (as far as i can tell), are you trying to directly dial them?
SPing statistics for 188.114.97.3:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
STelekom users cannot access Cloudflare sites with those class IPs
I
Iwhat do you mean by that
S
I:)
Ilooks like they were trying to do exactly what i asked
Sok, thanks.
Ois there a dashboard metric for amount of data downloaded/ingressed vs served, for file uploads
DHello, how long does a startup apply response take?
I applied on September 1 and I still haven't gotten a response.
I applied on September 1 and I still haven't gotten a response.
DI'd say more than a week, the team probably got many entries
DI understand, do you know if it is rejected/approved, do they still send the confirmation to the email?
DThey will definitely reach out if you're accepted into the program
AHi I want to use Cloudflare for my FiveM server and set up a load balancer with Nginx. However, Cloudflare already handles some of the load balancing. How can I disable this feature while keeping the Cloudflare proxy active?
