Open renne opened 1 year ago
@alexAubin @tituspijean Just add additional CAA resource records in /src/dns.py lines 141 and 251 (dev-branch) with the "issuewild" tag. It is the same record as the one with the "issue" tag:
;; CAA Records
example.com. 3600 IN CAA 0 issue "letsencrypt.org"
example.com. 3600 IN CAA 0 issuewild "letsencrypt.org"
After that change, Let's Encrypt wildcard certificates can be requested via the DNS challenge.
Describe the bug
The CAA DNS resource records suggested by YunoHost/created by the autodns feature include only an "issue" statement for single-subdomain certificates. A strict implementation must not create wildcard certificates.
Context
To reproduce
Go to the DNS settings of a domain and view the suggested DNS CAA resource records -> no "issuewild" statement.
Expected behavior
The suggested CAA-RRs should contain an "issuewild" statement to allow the creation of wildcard subdomain certificates.
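A check for the expected behavior above, as an added example (not YunoHost code and not from the issue author): it parses zone-file CAA lines and lists every CA that appears under "issue" for a name without a matching "issuewild" entry. The function names and the sample zone text are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the suggested records before and after the change.
BEFORE = '''
;; CAA Records
example.com. 3600 IN CAA 0 issue "letsencrypt.org"
'''
AFTER = BEFORE + 'example.com. 3600 IN CAA 0 issuewild "letsencrypt.org"\n'

# owner [ttl] [IN] CAA flags tag "value" [; comment]
CAA_LINE = re.compile(
    r'^(?P<name>\S+)\s+(?:(?P<ttl>\d+)\s+)?(?:IN\s+)?CAA\s+'
    r'(?P<flags>\d+)\s+(?P<tag>[A-Za-z0-9]+)\s+"(?P<value>[^"]*)"\s*(?:;.*)?$',
    re.IGNORECASE,
)

def parse_caa(zone_text):
    """Return {owner: {tag: set(ca_domains)}} for every CAA line in zone_text."""
    records = defaultdict(lambda: defaultdict(set))
    for raw in zone_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or zone-file comment
        m = CAA_LINE.match(line)
        if not m:
            continue  # not a CAA record
        # The value may carry parameters: "ca.example; validationmethods=dns-01"
        ca = m["value"].split(";", 1)[0].strip().lower()
        records[m["name"].lower()][m["tag"].lower()].add(ca)
    return records

def missing_issuewild(zone_text):
    """List (owner, ca) pairs that have "issue" but no matching "issuewild"."""
    gaps = []
    for owner, tags in parse_caa(zone_text).items():
        for ca in tags.get("issue", set()) - tags.get("issuewild", set()):
            if ca:  # an empty value (issue ";") names no CA
                gaps.append((owner, ca))
    return sorted(gaps)

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, missing_issuewild(zone))
```

Run against the records shown in the DNS settings page, an empty result means every CA listed under "issue" also has an explicit "issuewild" entry.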