Closed Seirdy closed 11 months ago
IETF RFC
This allows a CAA record to not only control who is allowed to issue certificates, but also which ACME accounts may receive certificates and which domain validation methods are acceptable. Applicable if DNSSEC works.
Sample CAA record for seirdy.one:
seirdy.one
letsencrypt.org; validationmethods=http-01; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/101166947
ready should check for this.
Implementing warnings for both missing accounturi and validationmethod for CAA records that contain "issue"
accounturi
validationmethod
IETF RFC
This allows a CAA record to not only control who is allowed to issue certificates, but also which ACME accounts may receive certificates and which domain validation methods are acceptable. Applicable if DNSSEC works.
Sample CAA record for
seirdy.one
:ready should check for this.