Home About News Products Blog

API endpoint for validating CAA record?

api
dns
https

#1

Using your API we can do POST /account/{accountId}/domain/{hostName}/renewCertificate to setup a new SSL certificate. This will fail if a CAA record is not added to the specified domain.

Are you planning on adding this as an API endpoint ex POST /account/{accountId}/domain/{hostName}/verifyCAA so we can verify this before renewing certificates?


#2

Hey Emil — it would be helpful to have more information on the details of the problem you’re seeing. In the event of CAA problems, our /renewCertificate route should already be returning details of what is wrong, not failing. Our api route is known to fail specifically if the DNS ignores the request, or returns an error when queried instead of responding “no record.” It can also fail if there is already a CAA record for that domain, or a parent zone that declares that only a CA other than Let’s Encrypt is allowed to issue certificates. Could you describe the situation in which you’re seeing the /renewCertificate route fail so we can provide further assistance?


#3

Ok thank you!

Do you have a documentation of these error responses and response codes? I could not find anything, your docs only refer to the api explorer?

It would be nice with a list or these together with the Swagger api explorer so you dont have to trail and error to find all different responses and cases to handle.