Let's Encrypt and Certificate Authority Authorization

[spetrillo]

Hello all,

My Plesk server, which sits behind my OPNsense firewall, uses Let's Encrypt for all its website certificates. I would like to enable CAA, so that Let's Encrypt is the on CA that is authorized. Plesk provides a way to do this by enable BIND on the server and setting Let's Encrypt as the trusted CA. Can OPNsense handle this functionality, as I am using Unbound to handle all my DNS functionality.

Thanks,
Steve

[Monviech (Cedrik)]

The CAA record has to be made in the authoritative nameserver of the domain.

[spetrillo]

So if I use Cloudflare as my authoritative DNS I do it there correct?