DigiNews

Summary

ACME CAA extensions are set to become mandatory for all CAs starting March 2027. The article explains why Web PKI alone isn't sufficient for high-profile sites, and how DNSSEC, ACME, and CAA can be combined for strong cryptographic domain validation. It also covers how to configure CAA records to restrict certificate issuance to authorized ACME accounts and DNSSEC-validated validations.