5 Mar
2020
5 Mar
'20
7:39 a.m.
I wrote:
I think this only applies to wildcard domain certs (e.g. “*.example.com”).
Sorry, no, I understand now, this is meant to provide an additional safeguard to prevent rogue CAs from issuing unauthorized certs for random domains. So it’s something that can apply to any domain. <https://geekflare.com/dns-caa-record/>