Prevent CAA records from Let's Encrypt

Discussion in 'General' started by WHO, Jun 22, 2022.

  1. WHO

    WHO Member HowtoForge Supporter

    Hello!

    After activating Let's Encrypt for a domain, CAA records are automatically created. Is there a way to prevent this? Often the Let's Encrypt certificates are only created to bridge until the original certificate is available.
     
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    If you do not want Let's Encrypt certificate, do not choose it. Get that other kind of certificate and enter it in the SSL tab.
     
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    I had not heard of this, and just checked the code but I don't see any function that does this. If it would exist I would be 99% sure we would have added a checkbox. Maybe this is a local change you made to a private branch?
     
  4. exynenem

    exynenem Member

    Pardon, but OP is right.
    It seems to be the default behavior that ISPConfig creates a CAA record when Let's Encrypt is enabled.

    Somehow I got used to that behaviour over the years, but from my own experience I can tell that it can get frustrating if one is not aware of this default behaviour and wants to issue a certificate from a certification authority and wonders why there is no progress in the issuing process.
     
  5. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    If that's the case, we should add a function to disable that, probably even disable it by default. Will look into the code.
     
  6. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Probably could leave it enabled by default, as this thread demonstrates it is an issue so infrequently that even after several years, most people don't know it exists. When you are using a certificate from a new authority, you simply add another CAA record for it (and delete the old one if appropriate).
     
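Jesse's advice above (add a CAA record for the new authority, and delete the old one once it is no longer needed) in working form. This is an added example, not code from this thread or from ISPConfig: a small Python model of how a CA evaluates CAA records per RFC 8659 over a constructed zone. It goes slightly beyond the thread in also covering the two cases that usually cause the "why is issuance stuck?" confusion mentioned above: a subdomain with no CAA records of its own inherits the parent's `issue "letsencrypt.org"`, and an `issuewild` record restricts only wildcard requests. The zone contents, host names and the `add_issuer`/`remove_issuer` helpers are assumptions for illustration; whether a given CA enforces parameters after the `;` in a record value is up to that CA.

```python
"""Model of RFC 8659 CAA evaluation over a constructed zone.

Added example, not ISPConfig code. The zone contents, host names and helper
functions are assumptions made for illustration.
"""
import copy
from typing import Dict, List, Optional, Tuple

CaaRecord = Tuple[int, str, str]    # (flags, tag, value)
Zone = Dict[str, List[CaaRecord]]   # owner name (FQDN with trailing dot) -> CAA RRset

# Constructed sample zone. The record on example.com. mimics the one the thread
# says ISPConfig adds when Let's Encrypt is enabled; the other names are made up.
SAMPLE_ZONE: Zone = {
    "example.com.": [(0, "issue", "letsencrypt.org")],
    "shop.example.com.": [],                                 # no CAA RRset of its own
    "api.example.com.": [(0, "issue", "letsencrypt.org"),
                         (0, "issue", "digicert.com")],      # two CAs allowed side by side
    "static.example.com.": [(0, "issue", ";")],              # ';' means: no CA may issue
    "cdn.example.com.": [(0, "issuewild", "sectigo.com")],   # restricts *.cdn.example.com only
}


def _fqdn(name: str) -> str:
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def _parent(name: str) -> Optional[str]:
    labels = name.rstrip(".").split(".")
    if len(labels) <= 1:
        return None                  # at a TLD: nothing further up to consult
    return ".".join(labels[1:]) + "."


def relevant_caa(zone: Zone, name: str) -> List[CaaRecord]:
    """RFC 8659 section 3: use the CAA RRset of the name itself; if there is none,
    climb to the parent, and so on. The first non-empty RRset found wins."""
    n: Optional[str] = _fqdn(name)
    while n is not None:
        rrset = zone.get(n, [])
        if rrset:
            return rrset
        n = _parent(n)
    return []


def issuer_domain(value: str) -> str:
    """'letsencrypt.org; validationmethods=dns-01' -> 'letsencrypt.org'.
    Parameters after ';' are ignored here; real CAs may enforce them."""
    return value.split(";", 1)[0].strip().lower()


def ca_permitted(zone: Zone, name: str, ca: str) -> bool:
    """Would a CA whose issuer domain is `ca` be allowed to issue for `name`?"""
    wildcard = name.startswith("*.")
    lookup = name[2:] if wildcard else name   # a request for *.x is evaluated at x
    rrset = relevant_caa(zone, lookup)
    if not rrset:
        return True                           # no CAA anywhere up the tree: unrestricted
    issue = [v for _, tag, v in rrset if tag.lower() == "issue"]
    issuewild = [v for _, tag, v in rrset if tag.lower() == "issuewild"]
    applicable = issuewild if (wildcard and issuewild) else issue
    if not applicable:
        return True                           # only iodef/unknown tags present: unrestricted
    return any(issuer_domain(v) == ca.lower() for v in applicable)


def add_issuer(zone: Zone, name: str, ca: str) -> Zone:
    """Add a record for the new CA instead of editing the existing one.
    Returns a modified copy so the original zone stays intact."""
    new = copy.deepcopy(zone)
    new.setdefault(_fqdn(name), []).append((0, "issue", ca))
    return new


def remove_issuer(zone: Zone, name: str, ca: str) -> Zone:
    """Drop the old CA's issue record once the new certificate is in place.
    Note: emptying a name's RRset makes it inherit the parent's policy again."""
    new = copy.deepcopy(zone)
    key = _fqdn(name)
    new[key] = [r for r in new.get(key, [])
                if not (r[1].lower() == "issue" and issuer_domain(r[2]) == ca.lower())]
    return new


if __name__ == "__main__":
    for host in ("example.com", "shop.example.com", "api.example.com",
                 "static.example.com", "*.cdn.example.com"):
        print(f"{host:20} letsencrypt.org={ca_permitted(SAMPLE_ZONE, host, 'letsencrypt.org')!s:5} "
              f"digicert.com={ca_permitted(SAMPLE_ZONE, host, 'digicert.com')}")
```

Running it shows `shop.example.com` rejecting `digicert.com` even though no CAA record is visible on that name, which is exactly the situation that leaves an order from another CA stalled; the same check against the zone returned by `add_issuer(SAMPLE_ZONE, "example.com", "digicert.com")` succeeds. To see what a CA actually sees for a live name, `dig +short CAA example.com` (and then its parents) gives the raw records this model consumes.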
  7. michelangelo

    michelangelo Active Member

    I can live with it, if it is enabled by default.
    Nevertheless it would be nice to have a checkbox to disable this behaviour.
     
