pmeerw's blog

Jul 2017

Mon, 03 Jul 2017


DNS CAA allows the holder of a domain to specify which certificate authorities are allowed to issue certificates for that domain.

Let's encrypt support is, as do recent versions of the bind DNS server. helps to get the DNS record correct. SSL Labs already checks for the CAA record.

Put this in your BIND zone file:

@	CAA	0 issue ""

posted at: 22:09 | path: /configuration | permanent link

Made with PyBlosxom