My domain is
Today i attempted to purchase a https certificate from globalsign, but, their system rejcted me by the message of :
CAA Failed: …
And i dig
➜ ~ dig typeboom.com caa ; <<>> DiG 9.10.6 <<>> typeboom.com caa ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17414 ;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;typeboom.com. IN CAA ;; ANSWER SECTION: typeboom.com. 1491 IN CAA 0 issue "comodoca.com" typeboom.com. 1491 IN CAA 0 issue "letsencrypt.org" typeboom.com. 1491 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes" typeboom.com. 1491 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes" typeboom.com. 1491 IN CAA 0 issuewild "letsencrypt.org" typeboom.com. 1491 IN CAA 0 issuewild "comodoca.com" ;; Query time: 42 msec ;; SERVER: 220.127.116.11#53(18.104.22.168) ;; WHEN: Wed Sep 08 22:41:13 CST 2021 ;; MSG SIZE rcvd: 297 ➜ ~
Seems CloudFlare authorized only there Certificate Authority defaultly:
- Let’s Encrypt
My questions are:
- Why did you must create the CAA records automatically?
- My domain i never created any CAA before, is that will causing any problem when CloudFlare generate the so-called universal SSL?
- WILL NOT that be harmful to Neutrality of CloudFlare？
- WILL NOT that be some violation of antitrust, and unfair competition？
Hopefully CloudFlare will only reply the code for this was a bug.