Let’s Encrypt always verifies DNSSEC. There are some cases CAs are permitted to not, but it is simpler for us and everyone to just always validate. We do not require domains to be DNSSEC signed.
6 Likes
Let’s Encrypt always verifies DNSSEC. There are some cases CAs are permitted to not, but it is simpler for us and everyone to just always validate. We do not require domains to be DNSSEC signed.