by hlandau 1282 days ago
The way this works is, the part of a CAA record in quotes can have parameters added to it. These have been little used until now so many may not be familiar with this syntax but it's always been in the CAA spec. The examples at the end of the linked RFC are accurate.

For example:

;; Must match account URI

example.com. IN CAA 0 issue "letsencrypt.org; accounturi=https://some/acme/account/uri"

;; Must match account URI -OR- use dns-01 validation method

example.com. IN CAA 0 issue "letsencrypt.org; accounturi=https://some/acme/account/uri"

example.com. IN CAA 0 issue "letsencrypt.org; validationmethods=dns-01"

;; Must match account URI -AND- use dns-01 validation method

example.com. IN CAA 0 issue "letsencrypt.org; validationmethods=dns-01; accounturi=https://some/acme/account/uri"

I also just put up an article with some more explanation: https://www.devever.net/~hl/acme-caa-live
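To make the three cases above concrete, here is a small evaluator for the parameterized CAA issue syntax. It is an added example, not code from the post, the linked article or any CA's implementation; it assumes the RFC 8657 semantics that parameters inside one record are all required (AND) while separate records are alternatives (OR), uses a simple string comparison for the account URI, and the record values and account URIs are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample data mirroring the three cases in the post: each list holds
# the quoted value of one "issue" record for the same name (example.com).
SAMPLE_ZONES = {
    "account-only": [
        "letsencrypt.org; accounturi=https://some/acme/account/uri",
    ],
    "account-or-dns01": [
        "letsencrypt.org; accounturi=https://some/acme/account/uri",
        "letsencrypt.org; validationmethods=dns-01",
    ],
    "account-and-dns01": [
        "letsencrypt.org; validationmethods=dns-01; accounturi=https://some/acme/account/uri",
    ],
}


@dataclass
class IssueRecord:
    issuer: str    # issuer-domain-name; "" means "no CA may issue"
    params: dict   # tag -> value, e.g. {"validationmethods": "dns-01"}


def parse_issue_value(value: str) -> IssueRecord:
    """Split the quoted issue value 'issuer[; tag=value]*' into its parts.

    Everything after the first ';' is a parameter list; tags are case-folded.
    """
    parts = [p.strip() for p in value.split(";")]
    issuer = parts[0].lower()
    params = {}
    for p in parts[1:]:
        if not p:
            continue
        if "=" not in p:
            raise ValueError(f"malformed CAA parameter: {p!r}")
        tag, val = p.split("=", 1)
        params[tag.strip().lower()] = val.strip()
    return IssueRecord(issuer, params)


def record_permits(rec: IssueRecord, ca_domain: str,
                   account_uri: str, method: str) -> bool:
    """A single record permits issuance only if the issuer matches AND every
    parameter present on that record is satisfied (AND within a record)."""
    if rec.issuer != ca_domain.lower():
        return False
    want_acct = rec.params.get("accounturi")
    if want_acct is not None and want_acct != account_uri:
        return False
    want_methods = rec.params.get("validationmethods")
    if want_methods is not None:
        # validationmethods is a comma-separated list of allowed ACME methods
        allowed = {m.strip() for m in want_methods.split(",") if m.strip()}
        if method not in allowed:
            return False
    return True


def issuance_permitted(values: list, ca_domain: str,
                       account_uri: str, method: str) -> bool:
    """Across records the check is an OR: any one permitting record suffices."""
    records = [parse_issue_value(v) for v in values]
    return any(record_permits(r, ca_domain, account_uri, method) for r in records)


if __name__ == "__main__":
    acct = "https://some/acme/account/uri"
    for name, values in SAMPLE_ZONES.items():
        print(name,
              "right-account/http-01:", issuance_permitted(values, "letsencrypt.org", acct, "http-01"),
              "other-account/dns-01:", issuance_permitted(values, "letsencrypt.org", "https://other/acct", "dns-01"))
```

Running it shows the distinction the post makes: the two-record zone accepts either the matching account over http-01 or any account over dns-01, while the single record carrying both parameters rejects a request unless both the account and the method match.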

1 comments

Ah wow, I did not catch that the parameters go inside the quoted issue string. My brain misread the examples as `issue "example.org"; validationmethods=dns-01`.

Thanks for the clarification!