Create Cloudflare DNS CAA records.
The Zone ID can be found on the Cloudflare overview page for the domain you want to add records to.
To create a root example.com CAA record saying Let's Encrypt can issue hostname certificates and no CA can issue wildcards:

```hcl
module "example_com_caa" {
  source    = "brainsik/dns-caa/cloudflare"
  zone_id   = "313372600deadcodebea5751993defc0"
  name      = "example.com"
  issue     = ["letsencrypt.org"]
  issuewild = [";"]
}
```
The same record, but with ACME CAA Account and Method Bindings:

```hcl
module "example_com_caa" {
  source    = "brainsik/dns-caa/cloudflare"
  zone_id   = "313372600deadcodebea5751993defc0"
  name      = "example.com"
  issue     = ["letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/123456789; validationmethods=http-01"]
  issuewild = [";"]
}
```

To create a root example.com CAA record saying both Let's Encrypt and ZeroSSL can issue hostname certificates and no CA can issue wildcards:

```hcl
module "example_com_caa" {
  source    = "brainsik/dns-caa/cloudflare"
  zone_id   = "313372600deadcodebea5751993defc0"
  name      = "example.com"
  # ZeroSSL is authorized through the CAA identifier sectigo.com
  issue     = ["letsencrypt.org", "sectigo.com"]
  issuewild = [";"]
}
```
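
To check what the three configurations above actually permit, the following added example (not part of this module) evaluates a CAA record set the way a CA would under RFC 8659 and RFC 8657. It assumes each `issue` / `issuewild` input value becomes one record with that tag, and it simplifies by skipping DNS tree climbing, the critical flag, and unknown tags.

```python
# Added example: simplified RFC 8659 / RFC 8657 check over one CAA RRset.
ACCT = "https://acme-v02.api.letsencrypt.org/acme/acct/123456789"  # value from the page

# Constructed RRsets: assumes each module input value becomes one (tag, value) record.
BASIC = [("issue", "letsencrypt.org"), ("issuewild", ";")]
BOUND = [("issue", f"letsencrypt.org; accounturi={ACCT}; validationmethods=http-01"),
         ("issuewild", ";")]
BOTH = [("issue", "letsencrypt.org"), ("issue", "sectigo.com"), ("issuewild", ";")]


def parse_value(value):
    """Split 'ca.example; k=v; k2=v2' into (issuer_domain, {k: v})."""
    parts = [p.strip() for p in value.split(";")]
    issuer = parts[0].lower()  # empty for ";", which authorises no CA
    pairs = (p.split("=", 1) for p in parts[1:] if "=" in p)
    return issuer, {k.strip().lower(): v.strip() for k, v in pairs}


def may_issue(rrset, ca, wildcard=False, account=None, method=None):
    """Return True if `ca` may issue under this RRset of (tag, value) pairs."""
    issue = [v for t, v in rrset if t == "issue"]
    issuewild = [v for t, v in rrset if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no restricting property for this request type
    for value in relevant:
        issuer, params = parse_value(value)
        if issuer != ca.lower():
            continue
        if "accounturi" in params and params["accounturi"] != account:
            continue  # bound to a different ACME account
        methods = params.get("validationmethods")
        if methods is not None and method not in methods.split(","):
            continue  # validation method not on the allow-list
        return True
    return False


if __name__ == "__main__":
    for label, rrset in (("basic", BASIC), ("bound", BOUND), ("both", BOTH)):
        print(label,
              "LE host:", may_issue(rrset, "letsencrypt.org", account=ACCT, method="http-01"),
              "LE dns-01:", may_issue(rrset, "letsencrypt.org", account=ACCT, method="dns-01"),
              "LE wildcard:", may_issue(rrset, "letsencrypt.org", wildcard=True),
              "Sectigo host:", may_issue(rrset, "sectigo.com"))
```
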
Name | Version |
---|---|
terraform | >= 1.0 |
cloudflare | >= 4.0 |
Name | Version |
---|---|
cloudflare | >= 4.0 |
No modules.
Name | Type |
---|---|
cloudflare_record.caa_iodef | resource |
cloudflare_record.caa_issue | resource |
cloudflare_record.caa_issuewild | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
iodef | URL to send violation reports to | set(string) | [] | no |
issue | Domain name of CA that can issue certificates for specific hostnames | set(string) | [] | no |
issuewild | Domain name of CA that can issue wildcard certificates | set(string) | [] | no |
name | The name of the record | string | n/a | yes |
zone_id | The Cloudflare DNS zone ID to add the record to | string | n/a | yes |
No outputs.