I recently set up a certificate for my Application Load Balancer (ALB) and validated it using Route53. I'm wondering if there's any real reason to keep the CNAME record related to that validation: _7ca416c7b571747ebd12202b1078b797.albname.etc.etc.etc. Should I just remove it for a cleaner setup, or is it necessary to keep it around?
5 Answers
If you delete that CNAME record, your certificate won't be able to auto-renew. It might seem like a good idea for a cleaner setup, but it could cause issues down the line, so it's best to just leave it where it is. You’ll save yourself some headaches later!
ACM and other modern cert management tools are great because they automate a lot of the worries around cert management. If you get rid of the CNAME, you’ll have to deal with re-adding it pretty frequently since the max lifetime of certificates is getting shorter. It won't be fun to re-add that record multiple times a year!
Honestly, don’t worry about the bugs! You can remove it once the certificate is validated, but remember you’ll just have to add it back when it’s time to renew. Removing it means more hassle for you later on.
As long as you’re still using that certificate, keep the CNAME records. If you're cleaning up because you're no longer using that cert, then go ahead and delete it without worries.
No need to remove the CNAME unless you want to mess with renewals and validation problems later. It's important for the functionality, and if you take it out, you'll have to remember to add it back when it’s time for renewal.
Related Questions
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads