I’m curious how domain verification works using A and AAAA records. In my case, I pointed the A and AAAA records for my apex domain at my app’s IP addresses and generated a new cert. I was expecting to need a CNAME record to complete domain ownership validation, but it completed automatically without it. Looking at my cert on my dashboard, it explains:
If the domain is directing traffic to your application with a CNAME record or both AAAA records, we will verify it automatically.
So can anyone help me understand how this process works using just A and AAAA records?
As far as I know, it works like this:
When you claim that a domain name is yours, you have the authority to change its records, right?
Now you have the domain, and you added A and AAAA records, which means your domain points to the IP addresses present in A or AAAA.
Now what the verifier does is try to access the cert using the domain, which, if you have the authority to change records, will point to whatever server you like, either by CNAME or A or AAAA.
Now that I have access to the cert, I verify whether it's yours. If it is yours, it's verified that you have the domain; otherwise verification fails.
I guess that’s it.
Correct me if I am wrong. Always willing to learn.
We use ALPN verification for Let's Encrypt certificates: Challenge Types - Let's Encrypt
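The TLS-ALPN-01 check referred to above (RFC 8737), modelled as an added example that is not part of the thread or the platform's own code: the CA connects to port 443 at whatever address the domain's A/AAAA records resolve to, negotiates ALPN `acme-tls/1`, and expects a self-signed certificate carrying the SHA-256 of the key authorization. The account key, token and the `handshake` dictionary standing in for the TLS connection are constructed placeholders.

```python
import base64, hashlib, json

ALPN_PROTOCOL = "acme-tls/1"                  # ALPN ID defined by RFC 8737
ACME_IDENTIFIER_OID = "1.3.6.1.5.5.7.1.31"    # id-pe-acmeIdentifier

# Constructed sample inputs (not a real account key or token).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": "constructed-x", "y": "constructed-y"}
TOKEN = "constructed-token-0001"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def expected_extension(token: str, account_jwk: dict) -> bytes:
    """acmeIdentifier value: DER OCTET STRING holding SHA-256(keyAuthorization)."""
    key_auth = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b"\x04\x20" + hashlib.sha256(key_auth.encode()).digest()

def serve_challenge(domain: str, token: str, account_jwk: dict) -> dict:
    """What the server behind the A/AAAA records presents (hypothetical dict model)."""
    return {"alpn": ALPN_PROTOCOL, "san_dns_names": [domain],
            "extensions": {ACME_IDENTIFIER_OID: {
                "critical": True, "value": expected_extension(token, account_jwk)}}}

def validate(domain: str, token: str, account_jwk: dict, handshake: dict) -> bool:
    """CA-side check after connecting to the resolved address with SNI=domain."""
    ext = handshake["extensions"].get(ACME_IDENTIFIER_OID)
    return (handshake["alpn"] == ALPN_PROTOCOL
            and handshake["san_dns_names"] == [domain]
            and ext is not None and ext["critical"]
            and ext["value"] == expected_extension(token, account_jwk))

if __name__ == "__main__":
    seen = serve_challenge("example.com", TOKEN, ACCOUNT_JWK)
    print("valid:", validate("example.com", TOKEN, ACCOUNT_JWK, seen))
```

The DNS records only have to steer the CA's connection to a server that can build this response for the ACME account, which is why no separate CNAME or TXT record is involved in this challenge type.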