Let's Encrypt Domain name resolution support CAA failed

Let’s Encrypt There is no need to verify CAA, which domain name resolvers support it

Hi @bakppx

CAs must check if there is a CAA entry. Read

CA/Browser Forum discussion began shortly afterward,[4] and in March 2017 they voted in favor of making CAA implementation mandatory for all certificate authorities by September 2017.

So Letsencrypt must check, if there is a CAA and the name server software must have a correct answer (nodata or the data, but not Servfail or NotImplemented).

Dig offline, online there are some tools - ssllabs, sslmate, check-your-website.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.