If you are planning to host your newsroom on a custom domain and also want to support HTTPS / SSL, we need to install an SSL certificate for your newsroom.
There are two options:
We generate the certificate for you:
We generate an SSL certificate on your behalf using Amazon Certificate Manager (this is similar to Let’s Encrypt). This requires you to set up a TXT file on your domain to authorize Amazon to create this certificate on your behalf. This is by far the easiest route.
You generate the certificate yourself:
We send you a CSR and you generate the SSL certificate for the news.example.com subdomain. Once we receive your certificate, we can install it on our side and start serving your newsroom over HTTPS. This takes a bit more time from your side, and renewing the certificate a year from now can be annoying.
Once you know which option you prefer, send an SSL-setup request to: firstname.lastname@example.org.
It could be that you have CAA records set up. The CAA record is a DNS record type that allows domain name owners extra control over SSL certificates that can be issued for their domains.
If this is the case, you need to either add a new CAA record which includes amazon.com or send us your own SSL certificate (i.e. you can't use the DNS verification feature of Amazon Certificate Manager).
Here's the info from AWS: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-caa.html. You can test your CAA records here: https://caatest.co.uk/example.com.
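
The CAA check described above, as an added example that is not from the original article: it applies the RFC 8659 lookup (climb from the hostname toward the root; the first name that has CAA records decides) to constructed sample records and reports whether Amazon may issue. The function names and the sample zone data are assumptions made for this illustration; the four Amazon CA domains are the ones listed on the AWS page linked above.

```python
# Added example: evaluate CAA records the way RFC 8659 describes.
# Amazon CA identifiers accepted in CAA "issue" values (per the AWS page above).
AMAZON_CAS = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}

# Constructed sample data: DNS name -> CAA records as (flags, tag, value).
SAMPLE_ZONE = {
    "example.com": [(0, "issue", "letsencrypt.org"),
                    (0, "iodef", "mailto:security@example.com")],
    "example.org": [(0, "issue", "letsencrypt.org"),
                    (0, "issue", "amazon.com")],
    "example.net": [(0, "issue", ";")],  # empty issuer: no CA may issue
}


def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; the first name with CAA records wins."""
    labels = fqdn.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def amazon_may_issue(fqdn, zone, wildcard=False):
    """Return (allowed, reason) for a certificate Amazon would issue for fqdn."""
    name, rrset = relevant_rrset(fqdn, zone)
    if not rrset:
        return True, "no CAA records on the name or its parents"
    by_tag = {"issue": [], "issuewild": []}
    for _flags, tag, value in rrset:
        if tag.lower() in by_tag:
            # Drop any ";key=value" parameters after the issuer domain.
            by_tag[tag.lower()].append(value.split(";")[0].strip().lower())
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    issuers = by_tag["issuewild"] if wildcard and by_tag["issuewild"] else by_tag["issue"]
    if not issuers:
        return True, f"CAA at {name} has no applicable issue records"
    if AMAZON_CAS & set(issuers):
        return True, f"CAA at {name} lists an Amazon CA"
    return False, f"CAA at {name} allows only {sorted(set(issuers))}"


if __name__ == "__main__":
    for host in ("news.example.com", "news.example.org", "news.example.net"):
        print(host, amazon_may_issue(host, SAMPLE_ZONE))
```

Note that a newsroom subdomain with no CAA records of its own inherits the restriction set on the parent domain, which is why news.example.com is blocked in the sample data.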