Understanding a managed CNAME setup

In a managed CNAME setup, you get an Acquia-managed domain that acts as the DNS target for your hostnames. This domain takes the form [codebase] where [codebase] is the name of the codebase for your application protected by Acquia Edge. You can use any hostname, specified as a fully-qualified domain name, for any domain served by your application.


Managed CNAME setups are available only to new customers who started with Acquia Edge after January 1, 2021. To reference setups for pre-existing deployments, see Getting started with Acquia Edge.

Benefits of a managed CNAME setup

  • Proxy of “bare”/apex domains: DNS RFCs prohibit the use of a CNAME at the zone apex. Managed CNAME setups provide a dedicated IP pair that you can use to protect your bare domains. To retrieve these addresses, run a DNS query against [codebase] for the specific domain that Acquia supplied to you for your application.
  • Simplified support for “vanity” domains and redirects: You can manage any hostnames for your application in a single configuration, even if they do not share a parent in the DNS namespace.

DNS settings with a managed CNAME setup

The DNS tab is not used to manage any hostnames that you can use with Acquia Edge. You will see several Acquia-defined records resolving to your application.


Do not modify any records defined on the DNS tab unless the elastic IP addresses for your application change.

Adding a hostname

To add a hostname to your managed CNAME setup, do the following:

  1. On the SSL/TLS tab, navigate to the Custom Hostnames section.

  2. Select Add a Custom Hostname.

  3. In the Custom Hostname field, enter the fully-qualified domain name.

    This can be a bare domain or subdomain. Use of the Enable Wildcard option may introduce DNS resolution issues if you have domains on another Cloudflare account. This option is not allowed with Acquia Edge.


The minimum TLS version is defined based on the hostname.

You can only add hostnames that are defined as valid domains for your application on Acquia Platform.

You can view the status of any hostnames in the Custom Hostnames section of the SSL/TLS tab.

SSL with a managed CNAME setup

After the validation is complete, a single dedicated SSL certificate is issued for each hostname that you add. By default, the validation is performed over HTTP.

For SSL to validate for a hostname:

  1. You must have a CNAME in your authoritative DNS from the hostname to Acquia Edge.
  2. Acquia Edge must receive the HTTP traffic to the hostname to complete the validation.

With HTTP validation, each hostname has several minutes of downtime following its DNS cutover. To avoid this downtime, you must pre-validate the certificates.

Pre-validation of certificates

If you use the TXT validation method, your certificates are issued before you modify DNS for any hostnames.

To change the validation method, select TXT Validation from the Validation Method drop-down menu when adding or modifying a custom hostname. Acquia does not recommend that you use email validation unless you are a publicly listed administrator or webmaster in WHOIS for your domains.

Uploading a certificate

You can also upload a certificate by providing the certificate file and private key. To do so, select Custom Certificate when adding a custom hostname.

Acquia Edge only accepts the following three types of publicly trusted certificates:

  • SHA256WithRSA
  • SHA1WithRSA
  • ECDSAWithSHA256

If you attempt to upload a self-signed certificate or a certificate of another type, it is rejected.


The use of any wildcard certificates is not permitted if you also maintain any of the domains covered by the SAN in a third-party Cloudflare subscription.


The Edge Certificates section of the SSL/TLS tab is not used to view or manage any certificates for your domain in a managed CNAME setup.

Launching with a managed CNAME setup

Prior to launch, Acquia strongly recommends testing Acquia Edge.

After you have configured your hostnames and defined any other caching or security settings for your domains, you are ready to launch.

To launch a domain using the managed CNAME setup for Acquia Edge, complete the following steps:

  1. Plan your CNAME records for launch. In this step, you do not update your DNS, but instead confirm that you have the correct CNAME records for your DNS update on your scheduled launch date.

    For each hostname, create a record in your authoritative DNS resolving to the domain for your application.

    For example, for the hostname with the codebase mysite:

    Type: CNAME

    For any bare domains, you can use a record resolving to the IP addresses returned when performing a DNS lookup against the [codebase] domain corresponding to your application.

    Type: A
  2. Sign in to your DNS provider.

  3. Add the planned records for your desired domain to your authoritative DNS provider.

  4. Verify whether the traffic is going through Acquia Edge.

    For more information, see Confirming traffic is going through Acquia Edge.
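The record planning in step 1, as an added example (not Acquia's code): a Python check that each planned subdomain has a CNAME to the managed domain and that each bare domain uses A records for the IP pair rather than a CNAME. The managed domain, IP addresses, hostnames and apex list are constructed placeholders, and the plan uses the record-line format that `dig +noall +answer` prints.

```python
# Added example: pre-launch check of planned DNS records for a managed CNAME setup.
# MANAGED_TARGET and EDGE_IPS are placeholders; use the domain Acquia supplied
# and the addresses a DNS lookup against that domain returns.
MANAGED_TARGET = "mysite.managed-target.example."   # placeholder domain
EDGE_IPS = {"192.0.2.10", "192.0.2.11"}              # placeholder IP pair

# Constructed sample plan, one record per line: name TTL class type value
PLAN = """\
www.example.com.      300 IN CNAME mysite.managed-target.example.
example.com.          300 IN A     192.0.2.10
example.com.          300 IN A     192.0.2.11
promo.example.org.    300 IN CNAME old-lb.example.org.
example.net.          300 IN CNAME mysite.managed-target.example.
"""
APEXES = {"example.com.", "example.net."}            # zone apexes in the plan


def parse(text):
    """Return {name: {type: set(values)}} from zone-style record lines."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip blank or malformed lines
        name, _ttl, _cls, rtype, value = fields
        rrsets = records.setdefault(name.lower(), {})
        rrsets.setdefault(rtype.upper(), set()).add(value.lower())
    return records


def check_plan(text, apexes, target=MANAGED_TARGET, edge_ips=EDGE_IPS):
    """Return a sorted list of (hostname, problem) for records to fix before launch."""
    problems = []
    for name, rrsets in parse(text).items():
        cname = rrsets.get("CNAME", set())
        if name in apexes:
            if cname:
                problems.append((name, "CNAME at zone apex; use A records"))
            elif rrsets.get("A", set()) != set(edge_ips):
                problems.append((name, "apex A records do not match the edge IP pair"))
        elif cname != {target}:
            problems.append((name, "CNAME does not point at the managed domain"))
    return sorted(problems)


if __name__ == "__main__":
    for host, problem in check_plan(PLAN, APEXES):
        print(f"{host}: {problem}")
```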