Because the Windows Server DNS service does not natively support CAA records, you need to add them manually. I created a PowerShell script for that:
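$zone = 'yourdomain.com'        # zone that will hold the CAA record
$provider = 'letsencrypt.org'   # CA that is allowed to issue certificates for the zone
# Record data in hex: flags 00, tag length 05, tag "issue" (6973737565), then the CA name
$caa = "00056973737565" + ([BitConverter]::ToString($provider.ToCharArray())).Replace("-", "")
# 257 is the DNS record type number for CAA
Add-DnsServerResourceRecord -ZoneName $zone -Name '@' -Type 257 -RecordData $caa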
This script must be executed on the Windows Server where the DNS service is installed and which hosts your external DNS zone.
Write your zone name on the first line and your provider name on the next line.
To verify your CAA record from the internet, search for a CAA checker page, type in your domain name, and hit the Check button.
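The script above hard-codes the `issue` tag in the hex prefix `00056973737565`. The following added example (not part of the original script) builds the same record data for any tag and decodes it back so the value can be checked before it is loaded; it goes beyond the post by also covering `issuewild`. The function names are hypothetical and the policy entries are constructed samples.

```powershell
# Added example: build and decode the hex record data of a type 257 (CAA) record.
# Wire layout (RFC 8659): flags byte, tag length byte, tag, value.
function ConvertTo-CaaRecordData {   # hypothetical helper name
    param(
        [byte]$Flags = 0,                     # 0 = non-critical, 128 = issuer critical
        [Parameter(Mandatory)][string]$Tag,   # issue, issuewild, iodef
        [Parameter(Mandatory)][string]$Value  # CA domain, or ';' to forbid issuance
    )
    if ($Tag -notmatch '^[A-Za-z0-9]{1,255}$') {
        throw "CAA tag must be 1-255 ASCII letters or digits: '$Tag'"
    }
    if ($Value -match '[^\x20-\x7E]') {
        throw "CAA value must be printable ASCII: '$Value'"
    }
    $ascii = [System.Text.Encoding]::ASCII
    [byte[]]$bytes = @($Flags, [byte]$Tag.Length) + $ascii.GetBytes($Tag) + $ascii.GetBytes($Value)
    return [BitConverter]::ToString($bytes).Replace('-', '')
}

function ConvertFrom-CaaRecordData {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Hex)
    if ($Hex -notmatch '^([0-9A-Fa-f]{2}){3,}$') { throw "Not valid CAA hex: $Hex" }
    [byte[]]$bytes = for ($i = 0; $i -lt $Hex.Length; $i += 2) {
        [Convert]::ToByte($Hex.Substring($i, 2), 16)
    }
    [int]$tagLen = $bytes[1]
    if (($tagLen -lt 1) -or ((2 + $tagLen) -gt $bytes.Count)) {
        throw "Tag length $tagLen does not fit the record"
    }
    $ascii = [System.Text.Encoding]::ASCII
    [pscustomobject]@{
        Flags = $bytes[0]
        Tag   = $ascii.GetString($bytes, 2, $tagLen)
        Value = $ascii.GetString($bytes, 2 + $tagLen, $bytes.Count - 2 - $tagLen)
    }
}

# Constructed sample policy: one CA for normal names, no wildcard issuance.
$policy = @(
    @{ Tag = 'issue';     Value = 'letsencrypt.org' },
    @{ Tag = 'issuewild'; Value = ';' }
)
foreach ($entry in $policy) {
    $hex  = ConvertTo-CaaRecordData @entry
    $back = ConvertFrom-CaaRecordData -Hex $hex
    '{0,-10} {1} -> flags={2} tag={3} value={4}' -f $entry.Tag, $hex, $back.Flags, $back.Tag, $back.Value
    # On the DNS server, $hex is what goes to -RecordData in the script above.
}
```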