Cycle Logo

Acme Challenge NS Records

Many users consume some sort of proxy, firewall, etc from services like Cloudflare in front of Cycle. While these are incredible value adds to the platform, being able to take advantage of the native Cycle TLS certificate generation and functionality is also very powerful.

In many cases, the user will want to retain control of a domain, especially the root domain, on Cloudflare while still using a hosted zone.

To get this set up, log into the provider and add the following records:

  • type NS: _acme-challenge.domain.com pointing to ns1.cycle.io
  • type NS: _acme-challenge.www.domain.com pointing to ns1.cycle.io
  • type TXT: cycle-verify with a value of the Cycle hub id

Head back over and create a DNS hosted zone. From there, the zone should verify and TLS certificates can now be generated for exactly the domain that the acme challenge records were created for.

Associating the Load Balancer from the Provider

Once this is set up, at some point there is going to be a linked record for the domain that points to a container in an environment. When that is a known value, the following things need to be done in order for Cycle and the provider to understand how to get traffic to the right place.

First, head to the environment and mark down the IPv4 or IPv6 addresses (or both) of the load balancer instances. This is available on the environment dashboard. Then go to the provider and add A/AAAA records for those entries.

Now, when a DNS query comes into the provider they are able to route that traffic appropriately to Cycle and the Cycle load balancer understands what container is intended for that traffic.

We use cookies to enhance your experience. You can manage your preferences below.