Hacker News new | past | comments | ask | show | jobs | submit login

Last time I checked Cloudflare had incomplete support for CAA (no issuewild or flags).

OHV also mentioned they are working on it but that was half a year ago and so nothing.




They definitely support issuewild now, but annoyingly will inject their own extremely broad CAA records into your zone unless you go into a different UI and hit "Disable Universal SSL" down the bottom of the page, even if you don't use their proxy service. I tried submitting feedback about this but I assume it got ignored by the support rep.

Not a huge fan of the CAA UI. I would prefer the option to enter the RRs in a raw format (like TXT records), even if it's not the default UI.


That they generate certificates with my name was such a bewildering move (I knew as I monitor CT logs). I had to contact support for them to stop as they admitted there was no UI for that.

> Not a huge fan of the CAA UI. I would prefer the option to enter the RRs in a raw format (like TXT records), even if it's not the default UI.

Couldn't agree more. No SSHFP too. I'm waiting for OVH to add CAA records and I migrate back to them.


I sent a support request a few weeks ago asking for CAA recently too, they didn't even indicate they were planning to add that.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: