With the emails that went out ~ 3 days ago regarding CAA exception, it did not contain which domains assigned to your account have an incorrect setup.
Ourselves, and I imagine many others, manage hundreds or thousands of domains via LetsEncrypt, and it is unfeasible for these to be tested manually.
I would like to request an extension to the 1 1/2 months grace period on the workaround until a better way to notify administers has been found, whether that is an improved email with a list of the failed domains, or some other means.
With it also potentially requiring a fix by DNS providers, 1 1/2 months seems dangerously short notice to identify the domains, DNS providers, notify the providers and expect a fix to be rolled out into production.
22.214.171.124. CAA Records
This section is effective as of 8 September 2017.
As part of the issuance process, the CA MUST check for a CAA record for each dNSName in the subjectAltName extension of the certificate to be issued, according to the procedure in RFC 6844, following the processing instructions set down in RFC 6844 for any records found. If the CA issues, they MUST do so within the TTL of the CAA record, or 8 hours, whichever is greater.
It’s also worth noting that Let’s Encrypt already implements aspects of the CAA check process. A response indicating Let’s Encrypt is not an authorized CA, or a servfail response, already prevents Let’s Encrypt from providing a certificate. This has been the case for weeks, so if you would be affected by this change, you should already be seeing renewal failures.
Sorry again for failing to include the list of affected domains in the email that got sent out. I’ve updated the CAA SERVFAIL changes thread with the list of all affected domains, to cross-reference against your own.
It’s worth noting that if you renew any affected certs shortly before the deadline (say, August 30), then you have a full 90 days before those certificates expire in which to help users fix the problem or migrate DNS providers. And I definitely sympathize about having a short timeline to fix things. We tried to get the communication out sooner, but as often happens, events intervened.
Let us know if we can be of any help diagnosing specific problems.