Let's Encrypt Domain name resolution support CAA failed

bakppx · May 17, 2020, 5:04am

Let’s Encrypt There is no need to verify CAA, which domain name resolvers support it

JuergenAuer · May 17, 2020, 6:51am

CAs must check if there is a CAA entry. Read

CA/Browser Forum discussion began shortly afterward,[4] and in March 2017 they voted in favor of making CAA implementation mandatory for all certificate authorities by September 2017.

So Letsencrypt must check, if there is a CAA and the name server software must have a correct answer (nodata or the data, but not Servfail or NotImplemented).

Dig offline, online there are some tools - ssllabs, sslmate, check-your-website.

system · June 16, 2020, 6:51am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
How to setup DNS CAA Server	13	26904	January 17, 2019
Lets Encrypt and DNSSEC verification Issuance Tech	7	1584	March 27, 2024
Will it be sufficient if we update valid CAA on the cname domain to issue certificate? Help	8	583	October 4, 2020
CAA Check Incident: December 7, 2015 Incidents	0	4174	January 27, 2016
Why does Let's Encrypt send a large number of DNS TCP requests to authoritative resolution Issuance Tech	12	497	August 7, 2024

Let's Encrypt Domain name resolution support CAA failed

Related topics