Part of the custom domain process is issuing a certificate for that hostname, which respects the CAA

K

kianOP•4/14/22, 1:02 PM

;; ANSWER SECTION:
restream.io.        86400    IN    CAA    0 issue "amazonaws.com"
restream.io.        86400    IN    CAA    0 issue "awstrust.com"
restream.io.        86400    IN    CAA    0 issue "comodoca.com"
restream.io.        86400    IN    CAA    0 issue "entrust.net"
restream.io.        86400    IN    CAA    0 issue "letsencrypt.org"
restream.io.        86400    IN    CAA    0 issuewild "amazon.com"
restream.io.        86400    IN    CAA    0 issuewild "amazontrust.com"
restream.io.        86400    IN    CAA    0 issuewild "sectigo.com"

;; ANSWER SECTION:
restream.io.        86400    IN    CAA    0 issue "amazonaws.com"
restream.io.        86400    IN    CAA    0 issue "awstrust.com"
restream.io.        86400    IN    CAA    0 issue "comodoca.com"
restream.io.        86400    IN    CAA    0 issue "entrust.net"
restream.io.        86400    IN    CAA    0 issue "letsencrypt.org"
restream.io.        86400    IN    CAA    0 issuewild "amazon.com"
restream.io.        86400    IN    CAA    0 issuewild "amazontrust.com"
restream.io.        86400    IN    CAA    0 issuewild "sectigo.com"

;; ANSWER SECTION:
restream.io.        86400    IN    CAA    0 issue "amazonaws.com"
restream.io.        86400    IN    CAA    0 issue "awstrust.com"
restream.io.        86400    IN    CAA    0 issue "comodoca.com"
restream.io.        86400    IN    CAA    0 issue "entrust.net"
restream.io.        86400    IN    CAA    0 issue "letsencrypt.org"
restream.io.        86400    IN    CAA    0 issuewild "amazon.com"
restream.io.        86400    IN    CAA    0 issuewild "amazontrust.com"
restream.io.        86400    IN    CAA    0 issuewild "sectigo.com"

;; ANSWER SECTION:
restream.io.        86400    IN    CAA    0 issue "amazonaws.com"
restream.io.        86400    IN    CAA    0 issue "awstrust.com"
restream.io.        86400    IN    CAA    0 issue "comodoca.com"
restream.io.        86400    IN    CAA    0 issue "entrust.net"
restream.io.        86400    IN    CAA    0 issue "letsencrypt.org"
restream.io.        86400    IN    CAA    0 issuewild "amazon.com"
restream.io.        86400    IN    CAA    0 issuewild "amazontrust.com"
restream.io.        86400    IN    CAA    0 issuewild "sectigo.com"

K

kianOP•4/14/22, 1:03 PM

By default, Cloudflare uses these ones.

example.com. IN CAA 0 issue "comodoca.com"
example.com. IN CAA 0 issue "digicert.com"
example.com. IN CAA 0 issue "letsencrypt.org"
example.com. IN CAA 0 issuewild "comodoca.com"
example.com. IN CAA 0 issuewild "digicert.com"
example.com. IN CAA 0 issuewild "letsencrypt.org"

example.com. IN CAA 0 issue "comodoca.com"
example.com. IN CAA 0 issue "digicert.com"
example.com. IN CAA 0 issue "letsencrypt.org"
example.com. IN CAA 0 issuewild "comodoca.com"
example.com. IN CAA 0 issuewild "digicert.com"
example.com. IN CAA 0 issuewild "letsencrypt.org"

example.com. IN CAA 0 issue "comodoca.com"
example.com. IN CAA 0 issue "digicert.com"
example.com. IN CAA 0 issue "letsencrypt.org"
example.com. IN CAA 0 issuewild "comodoca.com"
example.com. IN CAA 0 issuewild "digicert.com"
example.com. IN CAA 0 issuewild "letsencrypt.org"

example.com. IN CAA 0 issue "comodoca.com"
example.com. IN CAA 0 issue "digicert.com"
example.com. IN CAA 0 issue "letsencrypt.org"
example.com. IN CAA 0 issuewild "comodoca.com"
example.com. IN CAA 0 issuewild "digicert.com"
example.com. IN CAA 0 issuewild "letsencrypt.org"

K

kianOP•4/14/22, 1:03 PM

Add in the ones that you're missing - in this case,

issue "digicert.com"

issue "digicert.com"

issue "digicert.com"

issue "digicert.com",

issuewild "digicert.com"

issuewild "digicert.com"

issuewild "digicert.com"

issuewild "digicert.com" and

issuewild "letsencrypt.org"

issuewild "letsencrypt.org"

issuewild "letsencrypt.org"

issuewild "letsencrypt.org" then give it another go.

Rruwuby i pushed a test commit but there are 2 deployments for the same commit

I

Isaac McFadyen•4/14/22, 1:42 PM

GitLab?

Rruwuby yup

I

Isaac McFadyen•4/14/22, 1:43 PM

Yeah... there's a known bug there. There's a solution though.

I

Isaac McFadyen•4/14/22, 1:43 PM

Go into your Webhooks and delete one of the Cloudflare ones (you'll see two)

I

Isaac McFadyen•4/14/22, 1:43 PM

(It's being looked into by the team)

I

Isaac McFadyen•4/14/22, 1:45 PM

Either one

I

Isaac McFadyen•4/14/22, 1:45 PM

It's just because when you added the project it got duplicated somehow, but both work and you can delete either one.

I

Isaac McFadyen•4/14/22, 1:46 PM

The team's working on a fix

I

Isaac McFadyen•4/14/22, 1:47 PM

No problem blobthumbsup

I

Isaac McFadyen•4/14/22, 1:48 PM

Yeah, its not.

I

Isaac McFadyen•4/14/22, 1:48 PM

All commits get deployed once. If they're on the Production branch they will get put on both your pages.dev and your custom domain, if they're on any Preview branch only the pages.dev (with a prefix)

W

Walshy•4/14/22, 2:20 PM

Go for it

W

Walshy•4/14/22, 2:20 PM

Correct

W

Walshy•4/14/22, 3:15 PM

yep, we add a CORS header for you

W

Walshy•4/14/22, 3:15 PM

(which you can change or remove if you want)

K

kianOP•4/14/22, 3:16 PM

https://developers.cloudflare.com/pages/platform/headers/#cross-origin-resource-sharing-cors like so

AAlreadyPro Hi, I encountered a bug where my `*.pages.dev` website will not load if I am usi...

I

Isaac McFadyen•4/14/22, 4:36 PM

Can you try going to your pages.dev domain with a path of

/cdn-cgi/trace

/cdn-cgi/trace

?

I

Isaac McFadyen•4/14/22, 4:36 PM

If it won't load anything then it's a problem with your VPN's connectivity to the Cloudflare network.

I

Isaac McFadyen•4/14/22, 4:37 PM

Then your site should load... what kind of site is it? Is there anything you're doing to make it not work?

I

Isaac McFadyen•4/14/22, 4:37 PM

(for example, turning on an adblocker, blocking VPN connections, that kind of thing)

Part of the custom domain process is issuing a certificate for that hostname, which respects the CAA

Similar Threads

Similar Threads

Similar Threads