[英]Why can't I issue a SSL/TLS certificate for a subdomain of a Read The Docs website?
我有一个网站位于docs.example.com类的子域中。
我想在something.docs.example.com之类的子域中创建另一个网站。 我想使用 AWS Certificate Manager (ACM) 为该子域颁发 SSL/TLS 证书,但由于 CAA 记录而引发错误。
问题是docs.example.com是指向readthedocs.io的 CNAME。
当证书颁发机构查询域名并找到 CNAME 记录时,CA 应该在 CNAME 目标中查找 CAA 记录。
如果我使用命令dig caa docs.example.com查询 CAA 记录,我会得到以下响应:
;; QUESTION SECTION:
;docs.example.com. IN CAA
;; ANSWER SECTION:
docs.example.com 300 IN CNAME readthedocs.io.
readthedocs.io. 3600 IN CAA 0 issue "comodoca.com"
readthedocs.io. 3600 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"
readthedocs.io. 3600 IN CAA 0 issue "letsencrypt.org"
readthedocs.io. 3600 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
readthedocs.io. 3600 IN CAA 0 issuewild "comodoca.com"
readthedocs.io. 3600 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"
readthedocs.io. 3600 IN CAA 0 issuewild "letsencrypt.org"
readthedocs.io. 3600 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
请注意,AWS ACM 不是 CAA 记录中列出的 CA 之一。 要解决此问题,这四个 Amazon CA 域之一需要有 CAA 记录:
amazon.comamazontrust.comawstrust.comamazonaws.com
为什么我需要单独的 SSL 证书和 SXG 证书才能为我的网站启用 Signed Exchange?
[英]Why I need an SSL certificate and SXG certificate separately to enable Signed Exchange for my website?
为要与 CloudFront 一起使用的单个子域颁发 AWS 证书?
[英]Issue AWS certificate for a single subdomain to be used with CloudFront?
无法获得 LetsEncrypt SSL 证书以与 AWS Lightsail 一起使用
[英]Can't get LetsEncrypt SSL certificate to work with AWS Lightsail
在 AWS 云中的何处安装私有服务的公共 TLS/SSL 证书?
[英]Where to install Public TLS/SSL Certificate for private service in AWS Cloud?
SSL ADF 中 BigQuery Linked Service 中的 TLS 版本问题
[英]SSL TLS Version issue in BigQuery Linked Service in ADF
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.