Make use of "caa-identities" metadata #4836
Comments
This would be a good volunteer task if the core team specified what the mechanism of exposure was?
We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no further activity, this issue will be automatically closed.
Still relevant, bot.
One update: per RFC 8555 Section 7.1.1 this is now the
We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.
This issue has been closed due to lack of activity, but if you think it should be reopened, please open a new issue with a link to this one and we'll take a look.
Probably still a good idea, inadvertently closed by stalebot.
We've made a lot of changes to Certbot since this issue was opened. If you still have this issue with an up-to-date version of Certbot, can you please add a comment letting us know? This helps us to better see what issues are still affecting our users. If there is no activity in the next 30 days, this issue will be automatically closed.
In addition, certbot could provide a hook (or something like that) to automatically update the DNS CAA records for the specific domains covered by the ACME order.
If the ACME server exposes a `"caa-identities"` key in its `/directory` response's `"meta"` key, Certbot should expose that to users so that they know what string to use if they wish to configure CAA.

Additionally, if the ACME server exposes such a key, Certbot could attempt to verify the domain does not have a conflicting CAA record prior to trying to obtain a certificate (to fail fast with a helpful error message).
See also:
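
A sketch of the fail-fast check proposed above, added here as an example and not taken from Certbot: it reads the CA's identities from the directory `meta` and compares them with the domain's relevant CAA record set under the RFC 8659 rules (tree climbing, `issuewild` precedence, critical flag), without CNAME handling. The function names, the sample directory and the in-memory `ZONE` table standing in for DNS queries are assumptions; both the `"caa-identities"` name used in this issue and the `caaIdentities` field of RFC 8555 Section 7.1.1 are accepted.

```python
# Added example; the directory and DNS data below are constructed samples.
DIRECTORY = {  # shape of an ACME /directory response
    "newOrder": "https://acme.example/new-order",
    "meta": {"caaIdentities": ["ca.example"]},
}
ZONE = {  # name -> CAA RRset as (flags, tag, value); stands in for DNS lookups
    "example.com": [(0, "issue", "ca.example"), (0, "issuewild", ";")],
    "shop.example.net": [(0, "issue", "other-ca.example; validationmethods=dns-01")],
    "example.org": [(0, "iodef", "mailto:sec@example.org")],
}
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def caa_identities(directory):
    """Return the CA's CAA identities (RFC 8555 name or the older draft name)."""
    meta = directory.get("meta", {})
    ids = meta.get("caaIdentities") or meta.get("caa-identities") or []
    return {i.lower().rstrip(".") for i in ids}

def relevant_rrset(domain, zone):
    """Climb from the name toward the root; the first non-empty CAA RRset wins."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def caa_conflict(domain, directory, zone):
    """Return None if this CA may issue for domain, else a reason string."""
    ids = caa_identities(directory)
    if not ids:
        return None  # the server publishes nothing to compare against
    wildcard = domain.startswith("*.")
    rrset = relevant_rrset(domain[2:] if wildcard else domain, zone)
    for flags, tag, _ in rrset:
        if flags & 0x80 and tag.lower() not in KNOWN_TAGS:
            return f"critical CAA property {tag!r} is not understood"
    def values(wanted_tag):
        return [v for _, tag, v in rrset if tag.lower() == wanted_tag]
    wanted = (values("issuewild") if wildcard else []) or values("issue")
    if not wanted:
        return None  # no issue/issuewild property: any CA may issue
    allowed = {v.split(";", 1)[0].strip().lower().rstrip(".") for v in wanted}
    if allowed & ids:
        return None
    named = sorted(allowed - {""}) or ["(no CA)"]
    return f"CAA for {domain} permits {', '.join(named)}; this CA is {', '.join(sorted(ids))}"
```

A client would run `caa_conflict` for every name in the order before submitting it and print the returned reason instead of waiting for the CA to reject the request.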