Hi All,
I'm having trouble getting a LE cert. I have added a CAA records to LE to issue a wildcard cert.
But I get the error "CAA record for dev2.hurstinternal.co.uk prevents issuance".
Can some one please point me in the right direction to troubleshoot ?
I'm not that familiar with CAA, but the hostname for which the error is, isn't a wildcard hostname. I'm guessing you'll need to set both issue as wel as issuewild.
https://sslmate.com/caa/ tells me for a non-wildcard and wildcard cert you just set issuewithout setting issuewild.
OK, so if I understand the RFC correctly, the issue property is valid for any label, but the issuewild is only valid for wildcard domains. Therefore, any wildcard certificate also containing a regular hostname, would require a valid issue property, as the issuewild wouldn't cover it.