Since more then a year I publish CAA records (RFC 6844). At least I hope the content is usable for anyone. But it turns out: no CA care about my records. Till today: LE fail to issue a certificate. I got that message “…CAA check for $mydomain failed …” I found the LE servers lookup my CAA record e…

Domain with active CAA record in DNS

schoen January 26, 2016, 9:58pm 5

@sca_le, it looks like there’s a bug in Boulder. Filed at

We are using a more restrictive interpretation of the Issuer Critical flag than was prescribed by

Thanks for pointing this out.

Topic		Replies	Views
CAA Record does does not allow double-quotes Help	8	86	April 13, 2025
Couldn't find a CAA record for a domain Help	11	1779	December 1, 2021
LE not processing CAA record correctly Help	9	156	March 30, 2025
Is LE currently checking for CAA records? Issuance Tech	5	2929	May 9, 2017
Certificate issued despite CAA record Issuance Tech	6	1734	April 28, 2022