Incorrect CAA issuer for Sectigo.com
Summary
Currently Comodo and Sectigo are under same certificate issuer when creating CAA DNS-record.
Issuer is set to comodoca.com when Sectico expects issuer to be sectigo.com, trust-provider.com or usertrust.com
Steps to reproduce
- Create new CAA DNS record using Sectigo / Comodo CA issuer.
- Issuer is set to comodoca.com
- Assigning certificate from Sectigo fails due incorrect CAA policy.
Correct behaviour
Separate Issuers for Comodo and Sectigo using different domains. Comodo -> comodoca.com Sectigo -> sectigo.com
Environment
Server OS + version: Rocky Linux 8.7 ISPConfig version: 3.2.9p1
Proposed fix
Separate Issuers for Comodo & Sectigo. Comodo -> comodoca.com Sectigo -> sectigo.com
Edited by Kimmo Rieskaniemi