Troubleshooting DNS issues with Trust Center custom domains

SSL certificate issues

If you use CAA records to control who can issue SSL certificates on your domain, in order to use a Secureframe Trust custom domain, you must allow Google Domains to issue a certificate for your domain.  You do this by adding a CAA record for pki.goog alongside your existing records.  The content delivery network that secures your connections to Secureframe Trust, e.g. Cloudflare, uses Google Domains to issue this certificate on your behalf.  Secureframe does not and will not issue any certificates for your domain.

Check your CAA Records

To see if you are using CAA records today, you can use an online lookup tool such as https://www.nslookup.io/caa-lookup/.  If you are not using CAA records, and don't see any, no action is required.

For detailed background material you can optionally see https://developers.cloudflare.com/ssl/reference/certificate-authorities/ and https://developers.cloudflare.com/ssl/edge-certificates/caa-records/#who-should-create-caa-records: "When adding new Custom Hostname and your customer has existing CAA records. In this case, ask your customer to remove the existing CAA records or add the missing CAA record."

Common Errors

Error 1014: CNAME Cross-User Banned or Error 1001: DNS Resolution Error

If you see this error when you attempt to use a custom Trust Center domain and you're using Cloudflare, you must contact Cloudflare's Abuse team (who controls domain bans) by going to the webform here

Important Note: This is not an issue that Secureframe can resolve, so our recommendation is to  contact Cloudfare right away. You can also review Cloudflare Community forum for additional details here. 

If you have an open Secureframe Support Ticket or if you are already in contact with your Customer Success Manager, feel free to keep us informed on your attempt with Cloudflare so that we can review on our end through resolution. 

Was this article helpful?

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.