DNS | CAA record is wrong and is locked and generated by Appwrite

New DNS record was added without any notice, it is causing issues with subdomains and our issue is mostly with letsencrypt.org, please fix asap.

Appwrite is using only certainly.com as Authorized CA, custom subdomains are then blocked from generating certificate with letsencrypt.org https://acme-v02.api.letsencrypt.org/acme/chall/221020240/577280769517/Z5rloA

Appwrite should only append certainly.com if it's missing from CAA records, now it incorrectly overwrote previous CAA with value only for certainly.com.

@eldad

Please, avoid random ping

Afaik subdomains can have different CAA

DNS | CAA record is wrong and is locked and generated by Appwrite

Good point, you can configute CAA for letsencrypt for your subdomain, to ensure nothing else than letsencrypt can generate for that subdomain. Alternatively, alongside our certainly CAA record on root-level domain, you can add your own CAA record for letsencrypt. this way all domains and subdomains will be allowed to use both certainly (our need) and lets encrypt (your need)

Also if I may ask, do you self-host some service on a subdomain, requiring certificate from letsencrypt? Or 3rd party service? If you are fine sharing that with me, it can help us better understand this use-case