Add CAA DNS Record for PMA websites when possible #61
Comments
Gandi does not support it right now. But still, it doesn't matter whether you use a CA supporting this; as long as there is a single CA not supporting CAA, the benefit of having it is not really that big.
It mitigates many external attacks (an attacker exploits a CA process to create certs, which will fail CAA checks). I don't follow the CAB discussions, but it looks like they are planning to make the checking mandatory for all CAs, see:
As Gandi now supports this, I've just added the CAA records.
A CAA DNS record is used to specify which CA is allowed to generate certificates for a domain. More information:
https://sslmate.com/labs/caa/
fix:
Add a CAA record if possible (the DNS provider supports it) and the target CA supports it as well (letsencrypt has support: https://community.letsencrypt.org/t/caa-setup-for-lets-encrypt/9893)