On 18/10/16 11:26, Jacob Hoffman-Andrews wrote:
> DNS fail open or closed: Let's Encrypt currently treats a SERVFAIL when
> looking up CAA as "no CAA record present, okay to issue." However, we
> are working to change this, so a CAA SERVFAIL will prevent issuance. In
> our investigations we've found that 0.1% of domains with a current Let's
> Encrypt certificate return SERVFAIL for CAA.

Does that tend to be a permanent or a temporary condition?

Gerv
_______________________________________________
Public mailing list
Public@cabforum.org
https://cabforum.org/mailman/listinfo/public

Reply via email to