[DNS, SSL] Update overall org and SSL options in partial-setup/setup (#17568)

RebeccaTamachiro · web-flow · commit d18ba42fc4c4 · 2024-10-21T09:59:06.000+01:00
* First pass: formatting and remove link to full setup guides

* Further remove empty lines

* Further remove empty lines

* Move SSL/TLS section higher and separate new zone vs conversion

* Fix broken link

* Move SSL recommendations into prep and revamp other steps

* Search for and replace broken anchors
diff --git a/src/content/docs/dns/zone-setups/conversions/convert-partial-to-full.mdx b/src/content/docs/dns/zone-setups/conversions/convert-partial-to-full.mdx
@@ -38,7 +38,7 @@ At least 24 hours prior to converting your zone, disable DNSSEC at your authorit
 :::note
 
 
-As a best practice, you should also delete the previous [zone activation TXT record](/dns/zone-setups/partial-setup/setup/#add-your-domain-to-cloudflare) at your authoritative DNS provider. To locate this value in the Cloudflare dashboard, go to **DNS** > **Records** and find the **Verification TXT Record**.
+As a best practice, you should also delete the previous [zone activation TXT record](/dns/zone-setups/partial-setup/setup/#1-convert-your-zone-and-review-dns-records) at your authoritative DNS provider. To locate this value in the Cloudflare dashboard, go to **DNS** > **Records** and find the **Verification TXT Record**.
 
 
 :::
diff --git a/src/content/docs/dns/zone-setups/partial-setup/index.mdx b/src/content/docs/dns/zone-setups/partial-setup/index.mdx
@@ -10,7 +10,7 @@ import { FeatureTable, Render } from "~/components"
 
 <Render file="partial-setup-definition" />
 
-Once you are on a partial setup, the actual resolution of your records to Cloudflare depends on `CNAME` records [added at your authoritative DNS provider](/dns/zone-setups/partial-setup/setup/#add-dns-records). Check your authoritative DNS provider to know which records are pointing to `{your-hostname}.cdn.cloudflare.net`.
+Once you are on a partial setup, the actual resolution of your records to Cloudflare depends on `CNAME` records [added at your authoritative DNS provider](/dns/zone-setups/partial-setup/setup/#3-add-dns-records). Check your authoritative DNS provider to know which records are pointing to `{your-hostname}.cdn.cloudflare.net`.
 
 ## How to
 
diff --git a/src/content/docs/dns/zone-setups/partial-setup/setup.mdx b/src/content/docs/dns/zone-setups/partial-setup/setup.mdx
@@ -9,97 +9,74 @@ head:
 
 ---
 
-import { Details, Render } from "~/components"
+import { Details, Render, GlossaryTooltip, Steps } from "~/components";
 
 <Render file="partial-setup-definition" />
 
 :::note
-
-
 A partial setup is only available to customers on a Business or Enterprise plan.
-
-
 :::
 
 ***
 
-## Add your domain to Cloudflare
-
-
-1. Create a Cloudflare account and [add your domain](/fundamentals/setup/manage-domains/add-site/).
-
-2. For your **Plan**, choose **Business** or **Enterprise**.
+## Before you begin
 
-3. Continue through the onboarding steps, ignoring the instructions to change your nameservers.
+<Steps>
+1. Create a Cloudflare account and add your domain.
+2. Choose **Business** or **Enterprise** as your plan.
+3. If you are onboarding a new domain to Cloudflare, ignore the instructions to change your nameservers.
+4. (Recommended) Plan for SSL/TLS certificates:
 
-4. On the **Overview** page, select **Convert to CNAME DNS Setup**.
+    If you are only using [Universal SSL](/ssl/edge-certificates/universal-ssl/) prior to converting your zone, a certificate will be provisioned for your subdomains only after each of the respective DNS records ([step 3](#3-add-dns-records) below) are [proxied](/dns/manage-dns-records/reference/proxied-dns-records/). Refer to [Enable Universal SSL](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup) for details.
 
-5. Select **Convert** to confirm.
+    If your domain is sensitive to downtime, instead of using Universal SSL, consider using an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/) with [delegated DCV](/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv/#setup).
+</Steps>
 
-6. Save the information from the **Verification TXT Record**. If you lose the information, you can also access it by going to **DNS** > **Records** > **Verification TXT Record**.
+## 1. Convert your zone and review DNS records
 
+<Steps>
+1. On the **Overview** page, select **Convert to CNAME DNS Setup**.
+2. Select **Convert** to confirm.
+3. Save the information from the **Verification TXT Record**. If you lose the information, you can also access it by going to **DNS** > **Records** > **Verification TXT Record**.
+4. Make sure that you have all the DNS records for subdomains that you want to proxy through Cloudflare.
+</Steps>
 
-## Verify ownership for your domain
-
-
-Once you [add your domain to Cloudflare](#add-your-domain-to-cloudflare), add the **Verification TXT Record** at your authoritative DNS provider. Cloudflare will verify the TXT record and send a confirmation email. This can take up to a few hours.
+## 2. Verify ownership for your domain
 
+Add the **Verification TXT Record** at your authoritative DNS provider. Cloudflare will verify the TXT record and send a confirmation email. This can take up to a few hours.
 
 <Details header="Example verification record">
-
 A verification record for `example.com` might be:
 
 | Type | Name                            | Content             |
 | ---- | ------------------------------- | ------------------- |
 | TXT  | `cloudflare-verify.example.com` | 966215192-518620144 |
-
-
 </Details>
 
 :::note
-
-
 If your authoritative DNS provider automatically appends DNS record `name` fields with your domain, make sure to only insert `cloudflare-verify` as the record name. Otherwise, it may result in an incorrect record name, such as `cloudflare-verify.example.com.example.com`.
 
 After creating the record, you can use this [Dig Web Interface link](https://digwebinterface.com/?type=TXT\&ns=auth\&nameservers=) to search (`dig`) for `cloudflare-verify.<YOUR DOMAIN>` and validate if it is working.
-
-
 :::
 
 That record must remain in place for as long as your domain is active on the partial setup on Cloudflare.
 
+## 3. Add DNS records
 
-## Optional - Provision an SSL certificate
-
-
-To provision a Universal SSL certificate through Cloudflare, follow [these instructions](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup).
-
-If your domain is already live with a partial (CNAME) setup — with Cloudflare or another DNS provider — you cannot use a TXT record for [Domain Control Validation](/ssl/edge-certificates/changing-dcv-method/methods/txt/). That domain's TXT record needs to be reserved for forwarding traffic to Cloudflare.
-
-
-## Add DNS records
-
-
-1. In Cloudflare, [add an `A`, `AAAA`, or `CNAME` record](/dns/manage-dns-records/how-to/create-dns-records/).
-2. At your authoritative DNS provider:
-
-   1. Remove any existing `A`, `AAAA`, or `CNAME` records on the hostname you want to proxy to Cloudflare.
-
-   2. Add a `CNAME` record for `{your-hostname}.cdn.cloudflare.net`.
-
-       <details>
-       <summary>
-       Example CNAME record at authoritative DNS provider
-       </summary>
-
-      The `CNAME` record for `www.example.com` would be:
+<Steps>
+1. At your authoritative DNS provider:
+   1. Create `CNAME` records pointing to `{your-hostname}.cdn.cloudflare.net` for every hostname you wish to proxy through Cloudflare.
 
-      ```txt
-      www.example.com CNAME www.example.com.cdn.cloudflare.net
-      ```
+    <Details header="Example CNAME record at authoritative DNS provider">
 
-       </details>
+    The `CNAME` record for `www.example.com` would be:
 
-   3. Repeat this process for each subdomain proxied to Cloudflare.
+    ```txt
+    www.example.com CNAME www.example.com.cdn.cloudflare.net
+    ```
+    </Details>
 
+    2. Remove any previously existing `A`, `AAAA`, or `CNAME` records referencing the hostnames you want to proxy through Cloudflare. For these hostnames, leave only the records pointing to `{your-hostname}.cdn.cloudflare.net`.
 
+2. Repeat this process for each subdomain that should be proxied to Cloudflare.
+</Steps>
diff --git a/src/content/docs/dns/zone-setups/reference/domain-status.mdx b/src/content/docs/dns/zone-setups/reference/domain-status.mdx
@@ -36,7 +36,7 @@ F[Purged]
 
 :::note
 
-If you use the API to add your website or application to Cloudflare, your zone will be created directly in a **Pending** status. **Initializing** only applies to domains added via the dashboard. 
+If you use the API to add your website or application to Cloudflare, your zone will be created directly in a **Pending** status. **Initializing** only applies to domains added via the dashboard.
 :::
 
 ## Initializing (Setup)
@@ -68,7 +68,7 @@ If you have mistakenly added a zone to your account it will appear as pending. I
 
 ## Active
 
-Cloudflare has authenticated your [nameserver changes](/dns/nameservers/update-nameservers/) or [verification TXT record](/dns/zone-setups/partial-setup/setup/#verify-ownership-for-your-domain) and you can proxy domain traffic through Cloudflare. For more details refer to [How Cloudflare works](/fundamentals/concepts/how-cloudflare-works/) and [Domain configurations](/fundamentals/setup/manage-domains/connect-your-domain/#domain-configurations).
+Cloudflare has authenticated your [nameserver changes](/dns/nameservers/update-nameservers/) or [verification TXT record](/dns/zone-setups/partial-setup/setup/#2-verify-ownership-for-your-domain) and you can proxy domain traffic through Cloudflare. For more details refer to [How Cloudflare works](/fundamentals/concepts/how-cloudflare-works/) and [Domain configurations](/fundamentals/setup/manage-domains/connect-your-domain/#domain-configurations).
 
 ## Moved
 
@@ -78,7 +78,7 @@ Zones that do not have any active paid subscriptions and have been moved will be
 
 :::caution
 
-If you have an active paid subscription and no longer wish to use Cloudflare, make sure to also [manually remove your domain](/fundamentals/setup/manage-domains/remove-domain/). 
+If you have an active paid subscription and no longer wish to use Cloudflare, make sure to also [manually remove your domain](/fundamentals/setup/manage-domains/remove-domain/).
 :::
 
 ## Deleted
diff --git a/src/content/docs/dns/zone-setups/subdomain-setup/setup/index.mdx b/src/content/docs/dns/zone-setups/subdomain-setup/setup/index.mdx
@@ -53,7 +53,7 @@ The availability of different setups will depend on both the parent zone setup a
 Subdomains using a partial setup represent an exception in the sense that [delegation](#subdomain-delegation) does not apply in this context. As explained in the dedicated [Partial (CNAME) setup section](/dns/zone-setups/partial-setup/), this setup is intended to simply proxy individual subdomains through Cloudflare. For completeness, however, this is listed as an option in this table and the [how-to guide](/dns/zone-setups/subdomain-setup/setup/parent-on-partial/) has detailed explanation on how to achieve a subdomain zone using partial setup.
 :::
 
-This table assumes zones that are in an [active status](/dns/zone-setups/reference/domain-status/). For example, if you need to add the parent zone to Cloudflare when its child zone already exists in a partial setup, you can [convert the parent zone to partial](/dns/zone-setups/partial-setup/setup/#add-your-domain-to-cloudflare) while it is still in pending status.
+This table assumes zones that are in an [active status](/dns/zone-setups/reference/domain-status/). For example, if you need to add the parent zone to Cloudflare when its child zone already exists in a partial setup, you can [convert the parent zone to partial](/dns/zone-setups/partial-setup/setup/#1-convert-your-zone-and-review-dns-records) while it is still in pending status.
 
 ***
 
diff --git a/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/http.mdx b/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/http.mdx
@@ -47,7 +47,7 @@ To make sure your domain does not accidentally block HTTP DCV, review your Cloud
 
 ### Complete DCV
 
-Your HTTP token will be available for the Certificate Authority as soon as you finish your [partial domain setup](/dns/zone-setups/partial-setup/setup/#add-dns-records).
+Your HTTP token will be available for the Certificate Authority as soon as you finish your [partial domain setup](/dns/zone-setups/partial-setup/setup/#3-add-dns-records).
 
 This means that you need to add a CNAME record to Cloudflare in your authoritative DNS and create [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) for your hostname within Cloudflare.
 
diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
@@ -32,7 +32,7 @@ If your domain is using a **partial setup**, you will need to add [Domain Contro
 
 For non-authoritative or [partial domains](/dns/zone-setups/partial-setup/), Universal SSL will be:
 
-* Provisioned once the DNS record is [proxied through Cloudflare](/dns/zone-setups/partial-setup/setup/#add-dns-records).
+* Provisioned once the DNS record is [proxied through Cloudflare](/dns/zone-setups/partial-setup/setup/#3-add-dns-records).
 * Validated:
 
   * Immediately if you add [Domain Control Validation (DCV)](/ssl/edge-certificates/changing-dcv-method/) records to your authoritative DNS.
