Edge
Understanding a managed CNAME setup
In a managed CNAME setup, you get an Acquia-managed domain that acts as the DNS target for your hostnames. This domain takes the form [codebase].acquiaedge.net where [codebase] is the name of the codebase for your application protected by Acquia Edge. You can use any hostnames specified as the Fully-Qualified Domain Name for any domains served by your application.
Managed CNAME setups are available only to new customers who started with Acquia Edge after January 1, 2021. To reference setups for pre-existing deployments, see Getting started with Acquia Edge powered by Cloudflare.
Edge[codebase].acquiaedge.net for the specific domain that Acquia supplied to you for your application.The DNS tab is not used to manage any hostnames that you can use with Acquia Edge. You will see several Acquia-defined records resolving to your application.
Do not modify any records defined on the DNS tab unless the elastic IP addresses for your application change.
Custom hostnames are third-party hostnames that CNAME to your domain to receive performance and security benefits of Acquia Edge powered by Cloudflare.
Confirm that the Fallback Origin status on SSL/TLS - Custom Hostnames is ACTIVE so that the system starts populating custom hostnames into your Cloudflare account.
Fallback Origin acts as the default origin server for your hostnames, such as fallback.yoursite.acquiaedge.net. Fallback Origin is a proxied DNS record in your zone.
If Fallback Origin is not set, contact your Account Manager or Acquia Support to have it set.
Click Add Custom Hostname.
The system displays the Add Custom Hostname section.
In Minimum TLS version, select TLS 1.2.
If you use the TXT validation method, your certificates are issued before modifying DNS for any hostnames.
Acquia does not recommend you to use email validation unless you are a publicly listed administrator or webmaster in WHOIS for your domains.
After you create the custom hostname with TXT validation, Cloudflare generates two TXT records that must be added to your Authoritative DNS configuration.
Ensure that the TTL on your DNS records is as low as 5 minutes, so that this change propagates faster. It takes Cloudflare longer to validate your TXT Records depending on how long ago they were created.
The Edge Certificates section of the SSL/TLS tab is not used to view or manage any certificates for your domain in a managed CNAME setup.
Prior to launch, Acquia recommends testing all DNS and SSL configurations.
To launch a domain using Cloudflare for SaaS (Managed CNAME for Acquia Edge), complete the following steps:
Plan your CNAME records for launch.
In this step, you do not update your DNS, but instead confirm that you have the correct CNAME records for your DNS update on your scheduled launch date.
For each hostname, create a record in your authoritative DNS resolving to the acquiaedge.net domain for your application
For example, for the hostname www.example.com with the codebase mysite:
Type: CNAME
Name: www.example.com
Target: mysite.acquiaedge.netFor any bare domains, you can use a record resolving the IP addresses returned when performing a DNS lookup against the [codebase].acquiaedge.net domain corresponding to your application.
Type: A
Name: example.com
Target: 192.0.0.1After activating your hostnames you will want to ensure your Let’s Encrypt or Google Trust Services certificates will auto-renew. You can do this by changing the Validation method from TXT to HTTP post-activation. Wildcard certificates cannot be set to auto-renew. (HTTP Validation is not possible with wildcard certificates.) Note: Make sure the domain is pointing to CF. Usually it will have the CNAME record attached or it is pointing to a Cloudflare IP Address
The minimum TLS version is defined based on the hostname.
In Certificate type, select Provided by Cloudflare.
You can also use a custom certificate by selecting Custom certificate. Your custom certificate does not auto-renew so you are responsible for managing it. Acquia Edge only accepts the following types of publicly-trusted certificates:
If you attempt to upload a self-signed certificate or a certificate of another type, it is rejected.
In SSL certificate authority, select Google Trust Services or Let’s Encrypt.
Acquia recommends you to use Google Trust Services or Let’s Encrypt instead of DigiCert. These certificates only last upto 90 days. However, they can be auto-renewed. For information about how to configure them to auto-renew, see Setting your SSL Certificates to Auto-Renew.
In Certificate validation method, select TXT Validation.
Acquia recommends you to select TXT Validation for initial setup. However, you can also select HTML Validation.
Select the Enable wildcard checkbox.
Acquia does not recommend Wildcard certificates as they cannot be renewed automatically. The Google Trust Services and Let’s Encrypt certificates match hostnames that you have entered.
In Custom origin server, select Default origin server.
Acquia recommends you to select Default origin server because in most cases your pair of Acquia dedicated load balancers is shared across your Acquia hosting environments. However, you can also select Custom origin server and specify its value.
If this content did not answer your questions, try searching or contacting our support team for further assistance.
The minimum TLS version is defined based on the hostname.
In Certificate type, select Provided by Cloudflare.
You can also use a custom certificate by selecting Custom certificate. Your custom certificate does not auto-renew so you are responsible for managing it. Acquia Edge only accepts the following types of publicly-trusted certificates:
If you attempt to upload a self-signed certificate or a certificate of another type, it is rejected.
In SSL certificate authority, select Google Trust Services or Let’s Encrypt.
Acquia recommends you to use Google Trust Services or Let’s Encrypt instead of DigiCert. These certificates only last upto 90 days. However, they can be auto-renewed. For information about how to configure them to auto-renew, see Setting your SSL Certificates to Auto-Renew.
In Certificate validation method, select TXT Validation.
Acquia recommends you to select TXT Validation for initial setup. However, you can also select HTML Validation.
Select the Enable wildcard checkbox.
Acquia does not recommend Wildcard certificates as they cannot be renewed automatically. The Google Trust Services and Let’s Encrypt certificates match hostnames that you have entered.
In Custom origin server, select Default origin server.
Acquia recommends you to select Default origin server because in most cases your pair of Acquia dedicated load balancers is shared across your Acquia hosting environments. However, you can also select Custom origin server and specify its value.
If this content did not answer your questions, try searching or contacting our support team for further assistance.