Currently I have letsencrypt.org in our published CAA record - and we have a number of published certs (from lets encrypt)
I've been asked..
If we remove Let's Encrypt from the CAA record ..
Will certificates already issued remain valid, and be recycled correctly after 30 days ? or will re-issuance fail ?
No. Also, the correct term would be "renewed", which, technically, is just a brand new certificate, but just with the same hostnames as a previous certificate.
Above is all assuming there still exists a CAA record, but just without
letsencrypt.org as a value (i.e.: one or more CAA record(s) with non-Let's Encrypt CAs as value).
If NO CAA record is present, there is nothing preventing issuance by Let's Encrypt (or any other CA for that matter).
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.