{"id":7096,"date":"2024-10-03T23:14:37","date_gmt":"2024-10-03T23:14:37","guid":{"rendered":"https:\/\/www.smarthost.au\/blog\/?p=7096"},"modified":"2024-10-03T23:14:37","modified_gmt":"2024-10-03T23:14:37","slug":"free-ssl-certificates-at-smarthost-au-and-dns-zone-at-a-third-party-provider","status":"publish","type":"post","link":"https:\/\/www.smarthost.au\/blog\/free-ssl-certificates-at-smarthost-au-and-dns-zone-at-a-third-party-provider","title":{"rendered":"Free SSL certificates at smarthost.au and DNS zone at a third-party provider"},"content":{"rendered":"\n<p>On our hosting platform, <strong>SSL<\/strong> certificates are issued automatically when the domain is attached as well as renewed automatically before the expiration period (<em>free certificates are issued for 3 months and our system makes sure that they are renewed regularly<\/em>).<\/p>\n\n\n\n<p>Certificates are generated automatically when we perform a classic basic configuration:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>connect domains in <strong>cPanel<\/strong> at smarthost.au<\/li>\n\n\n\n<li>set up <strong>DNS<\/strong> servers on smarthost.au<\/li>\n<\/ul>\n\n\n\n<p>Sometimes it happens that we have a more complex configuration &#8211; for example, the mail is on the hosting server of company A, and the website is on the server of company B. In most companies this is not a problem, but there are exceptions. For example, if the DNS servers point to company X, and the website is pointed to a different server (via the so-called A record), the free SSL certificate may not issue or renew. Why does this happen, and how can it be remedied?<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">CAA records in the DNS system<\/h2>\n\n\n\n<p>Some time ago, a new record called <strong>CAA<\/strong> (<em>Certification Authority Authorization<\/em>) was added to the <strong>DNS<\/strong> system. This is a record in the <strong>DNS<\/strong> zone that describes which authorities can issue SSL certificates for a given domain.<\/p>\n\n\n\n<p>Most DNS systems do not add this record &#8211; so there are no problems with issuing both paid and free certificates from any trusted provider.<\/p>\n\n\n\n<p>However, some companies automatically add the following entries to their DNS system:<\/p>\n\n\n\n<p><em>customer-domain.au. 3600 IN <strong>CAA<\/strong> 0 issue &#8220;certum.eu&#8221;<br>customer-domain.au. 3600 IN <strong>CAA<\/strong> 0 issue &#8220;letsencrypt.org&#8221;<br>customer-domain.au. 3600 IN <strong>CAA<\/strong> 0 issuewild &#8220;letsencrypt.org&#8221;<br>customer-domain.au. 3600 IN <strong>CAA<\/strong> 0 issuewild &#8220;certum.eu&#8221;<\/em><br><\/p>\n\n\n\n<p>The above entries mean that only SSL certificates signed by Certum.eu and Let&#8217;s Encrypt can be issued for a domain whose DNS servers are set to Company X. Regardless of the fact that the A record points to a server other than the one operated by Company X, the key is the DNS entry.<\/p>\n\n\n\n<p>Default CAA entries that block the issuance of certificates other than those indicated mostly cannot be removed in the domain management system.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Solution to CAA lockout problem<\/h2>\n\n\n\n<p>At <strong>smarthost.au<\/strong>, the default and automatic free SSL certificate is a certificate signed by one of the world&#8217;s largest certification centers, i.e. <strong>Comodo<\/strong> (which recently changed its name to <em><strong>Sectigo<\/strong><\/em>). To allow us to issue an SSL certificate, you need to add an entry:<\/p>\n\n\n\n<p><em>customer-domain.au. 3600 IN <strong>CAA<\/strong> 0 issue &#8220;comodoca.com&#8221;<\/em><\/p>\n\n\n\n<p>After adding this entry, you must wait for the so-called <strong>DNS<\/strong> propagation time &#8211; for all servers in the world to notice the change, which in practice takes up to 24 hours at most. From then on, the free certificate will be issued by <strong>smarthost.au<\/strong> automatically and will also renew automatically.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On our hosting platform, SSL certificates are issued automatically when the domain is attached as well as renewed automatically before the expiration period (free certificates are issued for 3 months and our system makes sure<a class=\"read-more\" href=\"https:\/\/www.smarthost.au\/blog\/free-ssl-certificates-at-smarthost-au-and-dns-zone-at-a-third-party-provider\">Continue reading<\/a><\/p>\n","protected":false},"author":20,"featured_media":7119,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[432,20,8,42],"tags":[848,849,318,308,302,285,1307],"class_list":["post-7096","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dns-pl","category-hosting","category-security","category-ssl-certificates","tag-caa","tag-comodo","tag-cpanel-hr","tag-dns-hr","tag-mail-hr","tag-ssl-hr","tag-ssl-certificate"],"_links":{"self":[{"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/posts\/7096","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/comments?post=7096"}],"version-history":[{"count":2,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/posts\/7096\/revisions"}],"predecessor-version":[{"id":7098,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/posts\/7096\/revisions\/7098"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/media\/7119"}],"wp:attachment":[{"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/media?parent=7096"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/categories?post=7096"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.smarthost.au\/blog\/wp-json\/wp\/v2\/tags?post=7096"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}