From c1e74d7e582e6d2aaa14d075521433953cea3f42 Mon Sep 17 00:00:00 2001 From: Florian Lackner Date: Mon, 2 Mar 2026 02:22:25 +0100 Subject: [PATCH] Add a hint about dnssec to the custom domains doc (#758) I [ran](https://codeberg.org/Codeberg/Community/issues/2417) into this issue (originally reported [here](https://codeberg.org/Codeberg/Community/issues/1881)). This is my first contribution, so I apologize in advance if I didn't follow the process properly. Reviewed-on: https://codeberg.org/Codeberg/Documentation/pulls/758 Reviewed-by: Gusted Co-authored-by: Florian Lackner Co-committed-by: Florian Lackner --- content/codeberg-pages/using-custom-domain.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/codeberg-pages/using-custom-domain.md b/content/codeberg-pages/using-custom-domain.md index 41f5fe8..9b8ef89 100644 --- a/content/codeberg-pages/using-custom-domain.md +++ b/content/codeberg-pages/using-custom-domain.md @@ -29,6 +29,9 @@ If you have a [CAA record](https://en.wikipedia.org/wiki/DNS_Certification_Autho you must [explicitly allow Let's Encrypt in your CAA record](https://letsencrypt.org/docs/caa/). The value of the CAA record would look like `letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/292520050;validationmethods=tls-alpn-01,http-01`. +If you're using [DNSSec](https://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) on your custom domain, you might run into TLS certificate issues because `codeberg.page` doesn't use DNSSec at the moment. +In this case you must add `A` / `AAAA` / `TXT` records for all domains instead of `CNAME` records. You can use [this tool](https://dnssec-analyzer.verisignlabs.com) to verify your setup. + {% endadmonition %} For custom domains, two things are required: