Is it possible to add CAA record in Plesk?

Follow

Comments

6 comments

  • Avatar
    Robert

    Generation of new CAA certificate is not possibe for haing 1 domain with 2 domain alias where on 1 Domain Alias the  "Redirect with the HTTP 301 code" is turned OFF.

    Authenticate not possible for the give Domain Alias :-(

    When turning on 301 ON again for Alias , Certificate will regenerate

  • Avatar
    Alisa Kasyanova

    @Robert
    Was "Synchronize DNS zone with the primary domain" option enabled for the aliases? It should have been in order to add the same CAA to aliases' DNS records.
    You can also enable LE debug as per https://support.plesk.com/hc/en-us/articles/115003730934-How-to-Enable-Let-s-Encrypt-extension-debug-logging and view /var/log/plesk/panel.log for more detailed errors in case any issues with LE arise in future.

  • Avatar
    Robert

    Yes Synchronize DNS zone with the primary domain is on for all Aliases
    Only the Redirect with the HTTP 301 code of off for one of the 3 Aliases that is causing the certificate trouble.
    Ive enable extension log just in case, but it would be nice if you could try this out as well from your side.

  • Avatar
    Ivan Postnikov

    Hello @Robert,

    The issue was not reproduced in a test environment.

    Seems that deeper investigation is required.

    For this, it is required to submit a support request. The instruction on how to do it depending on where the license was purchased may be found here.

  • Avatar
    Markus Wernecke

    Hi,

    I would be interested in the common usage of CAA. How many percent of Plesk users/administrators are using it, like a trend, not exactly. As we know there are necessary implementations, and on the other side there are also unimportant things which have nothing to do with domain/Internet security in the deeper meaning.

  • Avatar
    Ivan Postnikov

    Hello @Markus,

    Unfortunately, I cannot provide you with exact numbers and detailed information on this. Generally, the feature is quite popular.

     > As we know there are necessary implementations, and on the other side there are also unimportant things which have nothing to do with domain/Internet security in the deeper meaning.

    Indeed, CAA itself is not mandatory for now.

Please sign in to leave a comment.

Have more questions? Submit a request