Update custom-dns.md (#8399)

* Update custom-dns.md Updated to include instructions for CAA Records * Apply suggestions from code review --------- Co-authored-by: Diana <[email protected]>
Kong · Jan 31, 2025 · 9b2543a · 9b2543a
1 parent 18cd1ac
commit 9b2543a
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/app/konnect/gateway-manager/dedicated-cloud-gateways/custom-dns.md b/app/konnect/gateway-manager/dedicated-cloud-gateways/custom-dns.md
@@ -37,3 +37,16 @@ title: Custom Domains for Dedicated Cloud Gateways
 1. In {{site.konnect_short_name}}, open {% konnect_icon runtimes %} **Gateway Manager**, choose a control plane to open the **Overview** dashboard, then click **Custom Domains**.
 
 2. Click the action menu on the end of the row you want to delete and click **Delete**.
+
+## Custom domain attachment and CAA record troubleshooting
+
+If your custom domain attachment fails, check if your domain has a Certificate Authority Authorization (CAA) record restricting certificate issuance. Dedicated Cloud Gateways uses a Google Cloud Public CA to provision SSL/TLS certificates. If your CAA record doesn't include the required CA, certificate issuance will fail.
+
+You can resolve this issue by doing the following: 
+
+1. Check existing CAA records by running `dig CAA yourdomain.com +short`. 
+  If a CAA record exists but doesn't allow GCP Public CA (`pki.goog`), update it.   
+2. Update the CAA record, if needed. For example: `yourdomain.com.    CAA    0 issue "pki.goog"`
+3. Wait for DNS propagation and retry attaching your domain.
+
+If no CAA record exists, no changes are needed. For more information, see the [Let's Encrypt CAA Guide](https://letsencrypt.org/docs/caa/).