Commit 074c97a

Move validation issues to respective sections
1 parent a23e141 commit 074c97a

3 files changed

+8
-8
lines changed

docs/dns/validation.md

+5-1
@@ -13,7 +13,7 @@ To request a certificate from Let's Encrypt (or any Certificate Authority), you
1313

1414
In order to validate your control of your domains to the certificate authority you will be required to create a specified TXT record in your domain's DNS zone.
1515

16-
To do this you may need to get the API credentials for the (hosted) DNS from your DNS providers control panel, store these credentials in the app then select them to be used for specific certificate requests.
16+
To do this you may need to get the API credentials for the (hosted) DNS from your DNS providers control panel, store these credentials in the app then select them to be used for specific certificate requests. DNS credentials are encrypted at rest using Windows DAPI, but where possible you should use limited privilege credentials.
1717

1818
If your DNS provider (or custom DNS setup) does not have an API we can talk to, you can write your own DNS update script or use the Manual DNS option (the request pauses while you manually update DNS).
1919
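Review bot: The added sentence on line 16 names the encryption mechanism as "Windows DAPI"; the Windows Data Protection API is abbreviated DPAPI, so this reads as a typo that readers searching for the term will not resolve. Because the sentence makes a security claim, it would also help to say what "limited privilege credentials" means here, for example an API key or account restricted to editing TXT records in the zones being validated where the provider supports that, rather than a key with full account access. The same line carries over "DNS providers control panel", which wants an apostrophe ("DNS provider's").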

@@ -122,3 +122,7 @@ To use Manual DNS:
122122
- Perform your initial certificate request. The request will pause and ask you to create a TXT record in your domain (one value for each domain or wildcard). Once you have completed that, wait for your DNS name servers to complete propagation. If you have trouble validating, wait an hour or more for this to complete.
123123
- Use 'Request Certificate' to resume the request and check validation.
124124
- If the certificate authority can see the TXT value they asked for in your DNS, they will then allow a certificate to be issued and the request will resume as normal.
125+
126+
## Common Issues
127+
## DNS domain validations suddenly failing
128+
DNS providers can and do change their APIs periodically which can impact renewals using DNS validation. For instance, GoDaddy changed their API to only allow API use for customers with more than 10 domains. Other DNS providers have retired their older APIs resulting in renewals that use those failing. We recommend that if a problem develops with DNS validation that you ensure you are using the latest version of the app and if the problem persists contact your DNS provider to ask if their API has recently changed.
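
Review bot: Both headings added on lines 126 and 127 are level 2 (`## Common Issues` followed by `## DNS domain validations suddenly failing`), so the DNS entry renders as a sibling of Common Issues rather than a child of it. Making the second one `###` would nest it and match the `###` used for the equivalent entry added to docs/http-validation.md in this commit. The GoDaddy example on line 128 is moved unchanged but is undated; noting when the restriction was observed would let readers judge whether it still applies.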

docs/guides/troubleshooting.md

-7
@@ -27,10 +27,3 @@ You can use tools such as Telerik Fiddler to see the https conversation between
2727

2828
### Alternative Solutions
2929
Occasionally you may be unable or unwilling to resolve the connectivity issue with the CA system. In this case we would suggest the next thing to try is to [use a different CA](certificate-authorities.md). You can try this for a single managed certificate and if that works change your default CA over to the new preferred CA.
30-
31-
# Domain Validation Issues Causing Failed Renewal
32-
## HTTP domain validations suddenly failing
33-
If you find you are unexpectedly getting HTTP domain validation failures (particularly "Secondary validation") the most common cause is a Firewall blocking TCP port 80 (http) or you are blocking a range of IP or Geographic locations. To allow only your CAs HTTP validation requests through we recommend using a Web Application Firewall set to allow all http requests to any path starting with `/.well-known/acme-challenge/`. Alternatively block specific countries instead of blocking all countries, as your CA (the default being Let's Encrypt) may choose to validate from any geographic region.
34-
35-
## DNS domain validations suddenly failing
36-
DNS providers can and do change their APIs periodically which can impact renewals using DNS validation. For instance, GoDaddy changed their API to only allow API use for customers with more than 10 domains. Other DNS providers have retired their older APIs resulting in renewals that use those failing. We recommend that if a problem develops with DNS validation that you ensure you are using the latest version of the app and if the problem persists contact your DNS provider to ask if their API has recently changed.
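
Review bot: Removing the whole "Domain Validation Issues Causing Failed Renewal" section (lines 31 to 36) leaves docs/guides/troubleshooting.md with no mention of validation failures, so a reader who starts at the troubleshooting guide for a failed renewal has no pointer to where the content went, and any existing links to these two headings will no longer resolve. Consider keeping a one or two line stub here that links to the HTTP and DNS validation pages.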

docs/http-validation.md

+3
@@ -38,6 +38,9 @@ the https://api.certifytheweb.com server if it can access the resource instead (
3838
### Timeout during http validation
3939
Your firewall is blocking port 80. Open port TCP 80 in Windows Firewall and on any cloud hosting firewall rules you have.
4040

41+
### HTTP domain validations suddenly failing
42+
If you find you are unexpectedly getting HTTP domain validation failures (particularly "Secondary validation") the most common cause is a Firewall blocking TCP port 80 (http) or you are blocking a range of IP or Geographic locations. To allow only your CAs HTTP validation requests through we recommend using a Web Application Firewall set to allow all http requests to any path starting with `/.well-known/acme-challenge/`. Alternatively block specific countries instead of blocking all countries, as your CA (the default being Let's Encrypt) may choose to validate from any geographic region.
43+
4144
### Error 500, 404 or 403 (or other http error code)
4245
The most common problem is that auto configuration has failed to determine the best config for your system. Different editions/distributions of windows have different defaults.
4346
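Review bot: The moved paragraph on line 42 recommends a Web Application Firewall rule to "allow all http requests to any path starting with `/.well-known/acme-challenge/`" but does not say that the exception should apply to that path prefix only, with IP and geographic rules for the rest of the site left in place; stating that would keep readers from relaxing blocking more widely than validation needs. Since the text is being touched anyway, "your CAs HTTP validation requests" should be "your CA's", and "Firewall" does not need a capital. The new entry also overlaps with "Timeout during http validation" directly above it (both attribute the failure to port 80 being blocked), so a cross-reference or a merge may be clearer.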
