I use Crazy Domains as my domain name provider, and I wish to set up CAA.
I am using a premium DNS account which does not include the CAA record as part of the configuration options. But when I check https://sslmate.com/caa/support it states that Crazy Domains supports CAA.
I contacted CD and they advised: "However, you need to verify Let’s Encrypt what exactly the correct records to input to make it work. This is to avoid any error and to save us time. However, if you are looking for adding a CAA record only, this is not available. We all know that Let’s Encrypt is a Certificate Authority that can provide an SSL Certificate. If you already have the SSL Certificate with you, you can send it to us and we will escalate it to our SSL Team for installation. "
I understand I can’t just use a TXT record, like: _caa.mydomain.org > 0 issue “letsencrypt.org”
I’m not sure how sending my certificate helps (and that sounds unsecure)…
I’m confused as to whether or not I can implement CAA with Crazy Domains…
Certificates (without the private key!) are publically available (heck, it's send to the browser every time a client connects to your webserver), so there's no unsecure thing in sending just the certificate. I'm guessing they'd use it to "extract" the certificate authority to perhaps generate the CAA record contents for you?
There's no reason they'd need to; your DNS host and your registrar don't have to be the same people. But for many TLDs, yes, they can act as registrar as well; for my .com domains, they charge $8.03/year. DNS is free.