Create CAA DNS record that support any sub-domain

Topic: Create CAA DNS record that support any sub-domain

Post Create CAA DNS record that support any sub-domain
by mjb2019 on Thursday, March 30, 2023

Here is my domain: dandelionsystem.my

DNSSEC: enabled

I created 2 CAA DNS records as follows:

Node: <blank>
Type: CAA
TTL: 120
Flags: 0
Tag: issue
Value: letsencrypt.org

Node: www
Type: CAA
TTL: 120
Flags: 0
Tag: issue
Value: letsencrypt.org

At my web server, I am able to create Let's Encrypt SSL for the following:

dandelionsystem.my
www.dandelionsystem.my

However, when I try to create SSL for test2.dandelionsystem.my,
I receive an error message as follows:

{"type":"urn:ietf:params:acme:error:dns","detail":"DNS problem: SERVFAIL looking up CAA for test2.dandelionsystem.my - the domain\u0027s nameservers may be malfunctioning","status":400,"instance":null}

If I try to create another CAA:

Node: test2
Type: CAA
TTL: 120
Flags: 0
Tag: issue
Value: letsencrypt.org

then it works; the SSL is created successfully.

My question is, how do I set the CAA so that I won't have to create a new CAA for every new sub-domain?

Is it possible to create a single CAA that allows Let's Encrypt SSL to install on a new sub-domain (without creating an additional CAA)?

Thanks.

Post Re: Create CAA DNS record that support any sub-domain
by timothytw on Monday, April 10, 2023

A CAA record tutorial can be found at https://www.dynu.com/Resources/DNS-Records/CAA-Record. For subdomains:

@ 10800 IN CAA 0 issuewild "letsencrypt.org"

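Added example, not part of the original thread and not Dynu's or Let's Encrypt's code: a small offline model of the CAA lookup a CA performs under RFC 8659, showing how a record at the apex covers sub-domains by tree climbing and why a SERVFAIL answer for the sub-domain blocks issuance before any CAA policy is read. The zone dictionaries and the name other-ca.example are constructed; CNAME handling is left out.

```python
# Offline model of RFC 8659 CAA processing. Zone contents are constructed.
NODATA, SERVFAIL = "NODATA", "SERVFAIL"
KNOWN_TAGS = {"issue", "issuewild", "iodef"}
APEX = "dandelionsystem.my"

# name -> list of (flags, tag, value), or SERVFAIL; a missing name means NODATA
ZONE_OK = {APEX: [(0, "issue", "letsencrypt.org")]}
ZONE_SERVFAIL = {APEX: [(0, "issue", "letsencrypt.org")],
                 "test2." + APEX: SERVFAIL}
ZONE_WORKAROUND = {APEX: [(0, "issue", "letsencrypt.org")],
                   "test2." + APEX: [(0, "issue", "letsencrypt.org")]}

def relevant_rrset(zone, fqdn):
    """Climb from fqdn towards the root; return the first CAA RRset found."""
    labels = fqdn.rstrip(".").lower().split(".")
    if labels[0] == "*":              # wildcard requests start below the "*"
        labels = labels[1:]
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        answer = zone.get(name, NODATA)
        if answer == SERVFAIL:        # a failed lookup is not an empty answer
            raise LookupError(f"SERVFAIL looking up CAA for {name}")
        if answer != NODATA:
            return name, answer       # closest RRset wins, climbing stops
    return None, []

def may_issue(zone, fqdn, ca):
    try:
        _, rrset = relevant_rrset(zone, fqdn)
    except LookupError:
        return False                  # CA refuses when the lookup fails
    if any(f & 128 and t not in KNOWN_TAGS for f, t, _ in rrset):
        return False                  # unknown tag marked critical
    def values(tag):
        return [v.split(";")[0].strip() for _, t, v in rrset if t == tag]
    wild = values("issuewild")
    # issuewild is only read for wildcard names, where it overrides issue
    props = wild if (fqdn.startswith("*.") and wild) else values("issue")
    return True if not props else ca in props

if __name__ == "__main__":
    for label, zone in [("apex record only", ZONE_OK),
                        ("sub-domain lookup SERVFAILs", ZONE_SERVFAIL),
                        ("explicit test2 record", ZONE_WORKAROUND)]:
        print(label, "->", may_issue(zone, "test2." + APEX, "letsencrypt.org"))
```

In the SERVFAIL case the apex record is never reached, which matches the error text quoted in the first post; the model does not say why the nameserver returned SERVFAIL.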