Hi,
Regarding the new account-uri implementation for CAA records ACME-CAA “validation-methods” support, I don’t know which URI is the right one to use to validate our account.
If we check our reg file: /etc/letsencrypt/accounts/acme-staging-v02.api.letsencrypt.org/directory/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx/regr.json
We will see a uri field for our account, something like this:
"uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/abcdefg"
So I created a CAA record
0 issue "letsencrypt.org\; account-uri=https://acme-staging-v02.api.letsencrypt.org/acme/acct/abcdefg"
and tried it but I got this error:
Failed authorization procedure. sub.domain.tld (dns-01): urn:ietf:params:acme:error:caa :: CAA record for sub.domain.tld prevents issuance
If we check boulder code for accountURIPrefixes https://github.com/letsencrypt/boulder/search?q=accountURIPrefixes&unscoped_q=accountURIPrefixes we see a couple of examples for uri prefixes:
http://boulder:4000/acme/reg/
https://letsencrypt.org/acct/reg/
So I tried:
https://acme-staging-v02.api.letsencrypt.org/acme/acct/abcdefg
https://acme-staging-v02.api.letsencrypt.org/acct/reg/abcdefg
https://letsencrypt.org/acct/reg/abcdefg
But the only one that works is:
https://acme-staging-v02.api.letsencrypt.org/acme/reg/abcdefg
0 issue "letsencrypt.org\; account-uri=https://acme-staging-v02.api.letsencrypt.org/acme/reg/abcdefg"
And that is the format for the URI in API version 01 (acme/reg) instead of the format in the new API version 02 (acme/acct), so for me it is a bit confusing.
My questions:
1.- Is https://acme-staging-v02.api.letsencrypt.org/acme/reg/abcdefg the right URI to use in the account-uri param (I suppose it is because it works but…)?
2.- Would this change in the future to https://acme-staging-v02.api.letsencrypt.org/acme/acct/abcdefg?
Thank you in advance.
Cheers,
sahsanu
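
The comparison described in the post above, as an added example that is not part of the original post and not Boulder's code: it parses a CAA issue value and reports how its account-uri differs from the "uri" field of regr.json. The function names and SAMPLE_REGR are assumptions made for illustration, and the result says nothing about which form the CA accepts.

```python
import json

# Constructed sample: regr.json reduced to its "uri" field, using the
# placeholder account id from the post.
SAMPLE_REGR = ('{"uri": "https://acme-staging-v02.api.letsencrypt.org'
               '/acme/acct/abcdefg"}')


def parse_caa_issue(value):
    """Split a CAA issue value into (issuer domain, {parameter: value})."""
    # Zone-file presentation format escapes the separator as "\;".
    parts = [p.strip() for p in value.replace("\\;", ";").split(";")]
    params = {}
    for part in parts[1:]:
        if not part:
            continue
        tag, sep, val = part.partition("=")
        if not sep:
            raise ValueError(f"malformed CAA parameter: {part!r}")
        params[tag.strip()] = val.strip()
    return parts[0].lower(), params


def diagnose(caa_value, regr_json_text):
    """Compare the record's account-uri with the "uri" in regr.json."""
    _, params = parse_caa_issue(caa_value)
    record_uri = params.get("account-uri")
    if record_uri is None:
        return "no account-uri"
    local_uri = json.loads(regr_json_text)["uri"]
    if record_uri == local_uri:
        return "same as regr.json"
    # Same host and same trailing account id but another path: the
    # acme/acct versus acme/reg situation from the post.
    same_host = record_uri.split("/")[2] == local_uri.split("/")[2]
    same_id = record_uri.rsplit("/", 1)[1] == local_uri.rsplit("/", 1)[1]
    if same_host and same_id:
        return "same account id, different path"
    return "different account"


if __name__ == "__main__":
    base = "https://acme-staging-v02.api.letsencrypt.org/acme/"
    for path in ("acct", "reg"):
        record = f"letsencrypt.org\\; account-uri={base}{path}/abcdefg"
        print(path, "->", diagnose(record, SAMPLE_REGR))
```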