There is a DNS resource record type - CAA (Certificate Authority Authorization) - that allows to indicate which CAs are allowed to issue certificates for domains.
Stape uses the following Certificate Authorities: digicert.com, letsencrypt.org, pki.goog.
If you are using CAA records for your own domain, please make sure that you added these records in case:
- If you do not use Stape CDN functionality:
gtm.example.com. IN CAA 0 issue "letsencrypt.org"
- If you use Stape CDN functionality:
gtm.example.com. IN CAA 0 issue "digicert.com"
gtm.example.com. IN CAA 0 issue "letsencrypt.org"
gtm.example.com. IN CAA 0 issue "pki.goog"
Please notice that you have to revalidate your domain if some error occurs. It will not revalidate automatically, so you have to do it manually.
Comments
0 comments
Please sign in to leave a comment.