As the author of the relevant RFC it's great to see this finally getting turned on. To my knowledge this is the first production deployment.<p>To Let's Encrypt, thanks for finally making this happen.
Am I understanding correctly that these new fields <i>must</i> be included as part of the "issue" record, not as a record of its own? Right now, I have:<p>===<p># dig CAA hass.a-rwx.org +short<p>0 iodef "mailto:admin@lesaker.org"<p>0 issue "letsencrypt.org"<p>0 issuewild ";"<p>===<p>Can I add an additional TXT record for "validationmethods=dns-01", or do I need to append it to the "issue" record?