Do you add CAA records to your DNS records?

Pete.S

Do you add CAA (Certification Authority Authorization) records to your DNS records?

Is it important for FQDNs that have Let's Encrypt certificates?

dbeato

I haven't done that in a long time however Let's Encrypt do check for it so it would matter if you have it implemented ahead of using Let's Encrypt.
https://letsencrypt.org/docs/caa/

scottalanmiller

@Pete-S said in Do you add CAA records to your DNS records?:

Do you add CAA (Certification Authority Authorization) records to your DNS records?

Is it important for FQDNs that have Let's Encrypt certificates?

Yes, but it is automatic with CloudFlare, not something that we have to think about.

marcinozga

Yes, but word of caution. If you get certs from multiple different providers, don't forget to add records for all of them. Otherwise getting certs will fail, and it's almost impossible to troubleshoot.

JaredBusch

@scottalanmiller said in Do you add CAA records to your DNS records?:

@Pete-S said in Do you add CAA records to your DNS records?:

Do you add CAA (Certification Authority Authorization) records to your DNS records?

Is it important for FQDNs that have Let's Encrypt certificates?

Yes, but it is automatic with CloudFlare, not something that we have to think about.

Automatic? No it is not. Cloudflare is a real company and they do not randomly add records to your DNS. If you want CAA records, you have to add them.

JaredBusch

@marcinozga said in Do you add CAA records to your DNS records?:

Yes, but word of caution. If you get certs from multiple different providers, don't forget to add records for all of them. Otherwise getting certs will fail, and it's almost impossible to troubleshoot.

Yes, like this.