Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

AutoSSL and CAA Records

Discussion in 'Security' started by royce, May 7, 2019.

  1. royce

    royce Registered

    Joined:
    Apr 30, 2010
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    125
    Location:
    Anchorage, AK
    I recently had a similar issue. I discovered that I had a general CAA record that only covered Let's Encrypt, and the service cert auto-renewal was silently failing because there was no more-specific CAA record for the service hostname that allowed Comodo/Sectigo to issue the requisite cert.

    I think it would be good for the cPanel service-certificate area to check for insufficient CAA coverage and report it in the UI as an error condition.
     
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,254
    Likes Received:
    479
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @royce


    The presence of a CAA record valid or invalid I believe is now reported in the AutoSSL logs this process though is a bit different for the hostname certificate. As a general rule if there is a CAA record for another provider it will exclude Sectigo but the lack of a CAA record should not prevent you from receiving a certificate.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice