AutoSSL added CAA DNS record?
Hello,
just noticed that some of our clients have CAA record in their DNS zone record.
We didn't add this record neither did client.
The only thing I can recall is clicking "issue AutoSSL for this account" to "force" immediate AutoSSL for the domain. Is it possible that this action added CAA record??
DNS record: xxx.xxx.xxx. 86400 IN CAA 0 issue comodoca.com
This was discovered because the client tried to issue a new certificate and the DNS record didn't allow this.
-
Hello @zodiac9797, Yes, this is part of the AutoSSL feature as of cPanel & WHM version 76: [QUOTE] AutoSSL preflight check for CAA records In cPanel & WHM version 76, we added a preflight check to AutoSSL. This check adds a Certificate Authority Authentication (CAA) record in the domain's zone file before AutoSSL orders a new certificate for that domain. For more information, read our 0 -
Hello @zodiac9797, Yes, this is part of the AutoSSL feature as of cPanel & WHM version 76: Can you provide more information about the problem this led to? Thank you.
Hi @cPanelMichael, we have a client hosted on our server (cPanel account) but for the web he is using another service. We have added an A record to his domain DNS zone to "redirect" his domain to another web hosting service (diferent server / IP address). He is still using our mail server and other things, but for web site he is using another company. The problem is that they use 'Let's Encrypt' SSL, and everything was working fine for the last year or so, but now when certificate expired their service was unable to renew it since there was a CAA record which limited his domain to comodo certificate. Basically the problem is when client has cPanel account on one server and use DNS record to redirect www. to another server which use diferent SSL certificate. I believe that the same problem will be with the MX record... Please let me know if I didn't explain the problem well enough.0 -
Hello @zodiac9797, we have a client hosted on our server (cPanel account) but for the web he is using another service. We have added an A record to his domain DNS zone to "redirect" his domain to another web hosting service (diferent server / IP address). He is still using our mail server and other things, but for web site he is using another company.
SSL certificates issued through the AutoSSL feature are only intended for domains that resolve to the cPanel & WHM server. In this case, you'll need to exclude the domain and it's subdomains from the AutoSSL feature using the0
Please sign in to leave a comment.
Comments
3 comments