Applicable to:
- Plesk for Linux
- Plesk for Windows
Question
How to add a CAA DNS record on a domain in Plesk?
Answer
Note: If the domain DNS zone is managed externally, the CAA DNS record has to be added to the DNS registrar
-
Go to Domains > example.com > DNS Settings > Click on Add Record > Set Record type as CAA and configure the DNS record with the required values > Click OK:
-
Apply the DNS changes to the domain DNS zone by clicking on the Update option:
-
Connect to the server via SSH
-
Run the following command:
# plesk bin dns --add example.com -caa caavalue -tag issue
* Where:
-
example.comis the domain where the CAA DNS record has to be included -
caavalueis the CAA resource value -
issueis the tag for the CAA record and the available options are:issue,issuewildoriodef
-
-
Connect to the server via RDP
-
Run the following command:
C:\> plesk bin dns --add example.com -caa caavalue -tag issue
* Where:
-
example.comis the domain where the CAA DNS record has to be included -
caavalueis the CAA resource value -
issueis the tag for the CAA record and the available options are:issue,issuewildoriodef
-
Comments
6 comments
Generation of new CAA certificate is not possibe for haing 1 domain with 2 domain alias where on 1 Domain Alias the "Redirect with the HTTP 301 code" is turned OFF.
Authenticate not possible for the give Domain Alias :-(
When turning on 301 ON again for Alias , Certificate will regenerate
@Robert
Was "Synchronize DNS zone with the primary domain" option enabled for the aliases? It should have been in order to add the same CAA to aliases' DNS records.
You can also enable LE debug as per https://support.plesk.com/hc/en-us/articles/115003730934-How-to-Enable-Let-s-Encrypt-extension-debug-logging and view /var/log/plesk/panel.log for more detailed errors in case any issues with LE arise in future.
Yes Synchronize DNS zone with the primary domain is on for all Aliases
Only the Redirect with the HTTP 301 code of off for one of the 3 Aliases that is causing the certificate trouble.
Ive enable extension log just in case, but it would be nice if you could try this out as well from your side.
Hello @Robert,
The issue was not reproduced in a test environment.
Seems that deeper investigation is required.
For this, it is required to submit a support request. The instruction on how to do it depending on where the license was purchased may be found here.
Hi,
I would be interested in the common usage of CAA. How many percent of Plesk users/administrators are using it, like a trend, not exactly. As we know there are necessary implementations, and on the other side there are also unimportant things which have nothing to do with domain/Internet security in the deeper meaning.
Hello @Markus,
Unfortunately, I cannot provide you with exact numbers and detailed information on this. Generally, the feature is quite popular.
> As we know there are necessary implementations, and on the other side there are also unimportant things which have nothing to do with domain/Internet security in the deeper meaning.
Indeed, CAA itself is not mandatory for now.
Please sign in to leave a comment.