From 8d9150ff2a36b9606abd3445407836772b96e58f Mon Sep 17 00:00:00 2001 From: Florian Lackner Date: Sat, 28 Feb 2026 19:45:55 +0100 Subject: [PATCH] add a hint about dnssec to the custom domains doc --- content/codeberg-pages/using-custom-domain.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/codeberg-pages/using-custom-domain.md b/content/codeberg-pages/using-custom-domain.md index 41f5fe8..9b8ef89 100644 --- a/content/codeberg-pages/using-custom-domain.md +++ b/content/codeberg-pages/using-custom-domain.md @@ -29,6 +29,9 @@ If you have a [CAA record](https://en.wikipedia.org/wiki/DNS_Certification_Autho you must [explicitly allow Let's Encrypt in your CAA record](https://letsencrypt.org/docs/caa/). The value of the CAA record would look like `letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/292520050;validationmethods=tls-alpn-01,http-01`. +If you're using [DNSSec](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) on your custom domain, you might run into TLS certificate issues because `codeberg.page` doesn't use DNSSec at the moment. +In this case you must add `A` / `AAAA` / `TXT` records for all domains instead of `CNAME` records. You can use [this tool](https://dnssec-analyzer.verisignlabs.com) to verify your setup. + {% endadmonition %} For custom domains, two things are required: