Implement DNS Certification Authority Authorization (CAA) resource record
Certification Authority Authorization (CAA), defined in RFC 6844, is a standard that allows domain name owners to control which CAs are allowed to issue certificates for their properties.
ssllabs.com has implemented the detection for this record when checking for the SSL grade they give. To prevent getting graded down and use state of the art techniques for ssl security I would usggest to allow adding those nameserver record.
ssllabs announcement https://blog.qualys.com/ssllabs/2017/01/13/whats-new-ssl-labs-1-26-5
This functionality is now available in the Plesk 17.8 preview. We encourage you to check the implementation and let us know what you think. Please visit the following forum thread to learn how to access the preview: https://talk.plesk.com/threads/plesk-onyx-17-8-preview.343283/
We would appreciate hearing your feedback on the implementation of this functionality. Thanks in advance!
Does is also work in plesk for windows?
It would be great to have backport to plesk 17.5. Please provide this functionality to us with a feature update for 17.5.
Plesk needs to updated their response from Jul 24, 2017. They have already implemented CAA in their beta version: Plesk Onyx 17.8. See the changelog: CAA DNS records are now supported in Plesk dated August 7, 2017. Plesk Onyx 17.8 Preview 4.
When 17.8 is stable, you'll be able to have the feature or you can move to beta version now and have the feature. (Not recommended for production systems.
Roberto Tramelli commented
Usefull, please add
Agreed - I would also like to see this functionality in Plesk
usefull feature, please add
Lee Nux commented
Lloyd, don't panic :)
“2. Do I need to add a CAA record to my domain before September 2017?
No. The CAA record is optional for domain owners. If you don’t have a CAA record in place in September, issuing certificates for your domain will remain just as it is today.”
Even your link (https://support.comodo.com/index.php?/Knowledgebase/Article/View/1204/1/caa-record---certification-authority-authorization) mentioned this: "If no CAA record is present, any CA is allowed to issue a certificate for the domain."
Lloyd Day commented
"if it will be popular."
No, we HAVE to have it! And by September if memory serves or we won't be able to get certificates for our domains!!!
"All CA's will be mandated to check CAA DNS records starting in late 2017. Comodo, however, has been supporting this on ALL certificates for the last 12+ months. "
So this is urgent
+1 yes we need this asap please
Hi, why it needs to be suggession ? There is a RFC for me is there no space for discussion or if or if not ...
Halil Kaya commented
up ref :)
Yes need this asap !!!
Seems it's needed for let's encrypt now
please add this feature
Leonardo Leite da Silva commented
Please add this awesome resource
September (already mentioned) will arrive very quickly.... It would be very useful and much appreciated if this became functional quite soon. Editing zone files manually isn't a great option...
I have a number of clients who's IT departments are already investigating adding these records to their zones. Just being able to manually add the records would be fine but a wizard would be better with check boxes for the major vendors.