Certificate issue for ip6.arpa
I own
1.9.8.0.b.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa, and added it to cloudflare (which worked!)
But the "Universal" certificate doesn't work, I guess google doesn't support ip6.arpa
The backup certificate works though... But I cannot select it without paying apparently? Despite literally not having any other working certificate?
2 Replies
ooh okie i was able to make cloudflare generate a new ssl.com certificate just using the api haha
This is normal, and you're not going to be able to do what you're trying. Adding forward records (A / AAAA) to
.arpa domains is a violation of RFC 3172, so most CAs will not issue certificates to ip6.arpa or in-addr.arpa domains.
You can add these zones to Cloudflare, but it's intended for you to add PTR records for rDNS - not adding forward records.
I've also noticed that for ip6.arpa domains, SSL.com will issue certificates, but this should be prevented like it is for in-addr.arpa - I'm guessing they haven't done it yet because this is a niche bug.