[Enhancement] Add Support for ACME-CAA

telekom-mms / ansible-collection-acme

An Ansible collection for issuing certificates via the ACME protocol.

GNU General Public License v3.0

50 stars 9 forks source link

[Enhancement] Add Support for ACME-CAA #83

Open rndmh3ro opened 1 year ago

rndmh3ro commented 1 year ago

Description

For DNS-validation we could add support for the ACME-CAA record.

;; Only allow Let's Encrypt to issue certificates for this domain with this account
example.com. IN CAA 0 issue "letsencrypt.org; accounturi=https://some/lets-encrypt/account-id"

Additional information

See:

https://www.devever.net/~hl/acme-caa-live
https://ietf-wg-acme.github.io/acme-caa/
https://pacroy.com/lets-encrypt-acme-caa-limitation-97411ea6ebf5

avalor1 commented 1 year ago

As the check for this record is done via the Let's Encrypt servers i do not realy understand what you mean by supporting it. Do you want to optionaly create this dns entry/record via the role when doing a dns challenge?

rndmh3ro commented 1 year ago

Do you want to optionaly create this dns entry/record via the role when doing a dns challenge?

Yes, I thought about that.