[DNS, SSL] Clarify HTTPS record behavior and cert requirement (#18892)
* Cross-link on-the-fly HTTPS records with proxy status

* Add note on HTTPS records to SSL browser compatibility page

* Overall review and improve cross-linking
RebeccaTamachiro authored Dec 27, 2024
1 parent 3b3593e commit b0a0a48
Showing 3 changed files with 19 additions and 1 deletion.
Expand Up @@ -302,7 +302,7 @@ curl "https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/dns_records" \

Service Binding (SVCB) and HTTPS Service (HTTPS) records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection.

If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server.
If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server.

For more details and context, refer to the [announcement blog post](https://blog.cloudflare.com/speeding-up-https-and-http-3-negotiation-with-dns/) and [RFC 9460](https://www.rfc-editor.org/rfc/rfc9460.html).
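
Review bot: The changed sentence in the SVCB and HTTPS section adds the proxied-records condition but not the certificate requirement that the commit title announces and that the other two hunks state in an admonition ("Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare"). A reader who lands on this section alone will not learn that disabling Universal SSL can affect the on-the-fly HTTPS records. Suggest adding the same admonition after this paragraph, or a one-line pointer to the "Protocol optimization" section where it is stated.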

Expand Up @@ -20,6 +20,14 @@ The **Proxy status** of a DNS record affects how Cloudflare treats incoming traf

<Render file="proxied-records-definition" product="dns" />

### Protocol optimization

For proxied records, if your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/), Cloudflare automatically generates corresponding [HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) on the fly. HTTPS records allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection.

:::note
Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling [Universal SSL](/ssl/edge-certificates/universal-ssl/), for example, could impact this behavior.
:::

### Limitations

<Render file="limitations" product="dns" />
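
Review bot: In the added `:::note` under "Protocol optimization", "could impact this behavior" does not tell the reader what actually changes when no Cloudflare-served certificate is present. Suggest naming the outcome, for example whether the HTTPS records stop being generated, since the paragraph above presents them as what lets a client skip an initial plaintext HTTP connection. The same sentence is a `:::caution` in browser-compatibility.mdx; pick one severity for both.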
10 changes: 10 additions & 0 deletions src/content/docs/ssl/reference/browser-compatibility.mdx
Expand Up @@ -36,3 +36,13 @@ To support non-SNI requests, you can:
* (BYOIP customers only) Enterprise customers can choose to bring your own IP prefix to Cloudflare Network and [specify the default SNI used for any handshake in the address map](/byoip/troubleshooting/#non-sni-support).

* (Paid plans only) [Contact Cloudflare Support](/support/contacting-cloudflare-support/) and request a set of dedicated IPs for your zone.

## HTTPS records

[HTTPS Service (HTTPS) records](/dns/manage-dns-records/reference/dns-record-types/#svcb-and-https) allow you to provide a client with information about how it should connect to a server upfront, without the need of an initial plaintext HTTP connection.

If your domain has [HTTP/2 or HTTP/3 enabled](/speed/optimization/protocol/) and [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/), Cloudflare automatically generates HTTPS records on the fly, to advertise to clients how they should connect to your server.

:::caution
Both HTTP/2 and HTTP/3 configurations also require that you have an SSL/TLS certificate served by Cloudflare. This means that disabling Universal SSL, for example, could impact this behavior.
:::
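
Review bot: The `:::caution` in the new "HTTPS records" section leaves "Universal SSL" unlinked, while the same sentence in the "Protocol optimization" hunk links it to `/ssl/edge-certificates/universal-ssl/`; add the link here as well. The two paragraphs above the caution repeat, word for word, text that this commit also places in the other two files. A shared partial included with `<Render file=... />`, the mechanism the second hunk's context lines already use, would keep the three copies from drifting apart.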
