Let’s Encrypt There is no need to verify CAA, which domain name resolvers support it
CAs must check if there is a CAA entry. Read
So Letsencrypt must check, if there is a CAA and the name server software must have a correct answer (nodata or the data, but not Servfail or NotImplemented).
Dig offline, online there are some tools - ssllabs, sslmate, check-your-website.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.