hyunkim.lawyer
Musings of a simple lawyer on things other than the law

weekend hobbies

by Hyun Kim, on February 23, 2025

This thing is quickly becoming weekend hobbies. It’s rather tricky to exactly regenerate what I did before, even after 1-2 days later. I want 2 websites, on the same software and server, but it fails second time. Something related to the github actions. OK, I succeeded solving the github actions problem.

On the other hand, on https issue, the other site succeeded at once, no problem at all. On the other hand, this site… Problem is, on those domain settings the feedback is too long, like 1–2 hours. I removed all those TXT and CNAME things seemingly related to the legacy google domain thing. And, it’s not like there’re lots of things to try. Like, remove it, then after several minutes, re-add it and then wait a couple hours (or 24 hours, or 48 hours, whatever). Hope it works. Let’s wait and see a couple more hours.

So, what’s the CAA Record? According to What are CAA records?, it’s a list of CA (certificate authorities) that is permitted to issue SSL/TLS certificates for that domain. That’s counterintuitive. If you want, for example, github to issue CA through anyone (that is, delegate the power to github), just have a low barrier CAA, or none at all. Otherwise, give a certain CAA (say letsencrypt.org) and that CAA only, then the record should look like:

0 issue “letsencrypt.org”

See How to add set CAA records to allow Lets Encrypt to generate certificates. Interesting. It’s not saying that authority has issued a CA, but that authority only has the power to issue it, and if that has issued it or not is non of the DNS record’s business.

That means, you don’t generally need a CAA record. On the other hand, you should care, if you have some complex deployment all over the place, and configure carefully, especially the CNAME thing.

For more information, check Using CAA. You can check if you have correctly configured it by checking it at CAA Lookup homepage.

Yes, a couple of hours, waiting in front of a computer is a long time, especially during weekends, so I sort of looked up. See, I do care, sometimes.

Note: Did I break things at github? It’s taking longer, just for loading the pages page.