Let’s Encrypt There is no need to verify CAA, which domain name resolvers support it
Hi @bakppx
CAs must check if there is a CAA entry. Read
CA/Browser Forum discussion began shortly afterward,[4] and in March 2017 they voted in favor of making CAA implementation mandatory for all certificate authorities by September 2017.
So Letsencrypt must check, if there is a CAA and the name server software must have a correct answer (nodata or the data, but not Servfail or NotImplemented).
Dig offline, online there are some tools - ssllabs, sslmate, check-your-website.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.