• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Question What’s a CAA resource record?

D

dzammit

Guest
The Certification Authority Authorization, or CAA resource record is a proposal to improve the strength of the PKI ecosystem. It controls which CAs can issue certificates for a particular domain name, and so far there have only been a couple hundred sites adopting it. But not for much longer. According to CAB Forum’s mandate, certificate authorities now have to check CAA records following the procedure laid out in RFC 6844 when issuing SSL/TLS certificates. This was required as of Sept. 8th, 2017. But if you want the tl;dr version, we’ve summed it up for you right here.

CAA Records and Plesk

  1. You can list the CAs that are allowed to issue certificates for your domain in a CAA record.
  2. You don’t have to add CAA records for your domains. An absence of a CAA record means that any CA can issue certificates for the domain.
  3. Plesk supports CAA records starting from the Plesk Onyx 17.8 preview. We have no plans to backport this feature to earlier Plesk versions.
Limitations for CAA Records

  • Some DNS servers/services do not support CAA records.
  • If you want to allow several CAs to issue SSL/TLS certificates for your domain, you need to add multiple CAA records – one record per CA.
  • You can also add CAA records to the Server DNS Template.
How to make Let’s Encrypt your main CA


You can set Let’s Encrypt as the only CA allowed to issue SSL/TLS certificates for your domain in Plesk. The Let’s Encrypt community post has also got this one covered. Have a look at the process below:

lets_encrypt_ca.png

lets_encrypt_ca2.png


For more information you can have a look at the CAA documentation on Let’s Encrypt or Qualys’ article on the matter. And if you have any questions, please feel free to contact us here or on our forum – we’ll be happy to lend a hand.


The post What’s a CAA resource record? appeared first on Plesk.

Continue reading...
 
You must log in or register to reply here.

Similar threads

D
Question no TXT challenge proposed in Let's encrypt
Replies
2
Views
840
djovanov
D
R
Issue Problems Issuing a Let's Encrypt Certificate
Replies
6
Views
976
Robin McDermott
R
S
Issue Let's Encrypt/SSL It! empty domain name error
Replies
8
Views
1K
SilentWarrior
S
W
Question SSL Cert for Mail-Server
Replies
1
Views
626
Kaspar
K
D
Question Renewing Let's encrypt automatically
Replies
6
Views
2K
iainh
I
Back
Top