← GoDaddy cases
Bugzilla #1904748 Certificate Problem Report

GoDaddy : CAA checks did not properly handle issuewild tag allowing FQDN SANs to be added to wildcard certs

RESOLVED FIXED GoDaddy
AI Summary

GoDaddy identified a software bug in its CAA validation process that allowed certificates with the 'issuewild' tag to include Fully Qualified Domain Names (FQDN) as Subject Alternative Names (SANs) on wildcard certificates, violating RFC 8659. This issue was reported on June 23, 2024, and affected 847 active certificates. A fix was implemented, and 843 certificates were revoked on June 28, 2024. GoDaddy has since deployed synthetic monitoring to ensure compliance with CAA records.

Model: gpt-4o-mini Generated: 2026-06-13 21:32 UTC Confidence: 0.95
Chronology
  1. GoDaddy received a certificate problem report regarding CAA checks.
  2. GoDaddy revoked 843 certificates affected by the issue.
  3. Synthetic monitoring for CAA record detection was deployed.
Participants
star@godaddy.com pouyan.tehrani@tu-dresden.de rdaurne77@gmail.com bwilson@mozilla.com
External References
Original Bugzilla Case bugzilla.mozilla.org www.rfc-editor.org
Similar Local Cases
#1904749 RESOLVED Certificate Problem Report Opened 2024-06-26 · Closed 2024-10-31 · 81% similar
GoDaddy : CAA checks passed when records contained incorrect variants of godaddy.com or starfieldtech.com
AI Summary CA Owner
#1905419 RESOLVED Certificate Problem Report Opened 2024-06-28 · Closed 2024-10-31 · 71% similar
GoDaddy: Intermittent unauthorized OCSP response when certificate is freshly issued
AI Summary CA Owner
#1605804 RESOLVED Certificate Problem Report Opened 2019-12-24 · Closed 2023-02-22 · 58% similar
GoDaddy: Domain Validation Reuse Issue
AI Summary CA Owner
#1829024 RESOLVED Certificate Problem Report Opened 2023-04-19 · Closed 2023-05-05 · 57% similar
GoDaddy: CRL Issuer Mismatch
AI Summary CA Owner
#1886788 RESOLVED Certificate Problem Report Opened 2024-03-21 · Closed 2024-06-01 · 56% similar
ACCV: Delayed revocation of TLS certificates affected by bug #1884532
AI Summary CA Owner
#1897630 RESOLVED Certificate Problem Report Opened 2024-05-19 · Closed 2024-08-15 · 55% similar
Entrust: Jurisdiction issue in some EV TLS & Code Signing certificates
AI Summary CA Owner
#1924992 RESOLVED Certificate Problem Report Opened 2024-10-16 · Closed 2025-04-03 · 55% similar
GoDaddy: Does not provide a method for domain owners to revoke their certificates
AI Summary CA Owner
#1897346 RESOLVED Certificate Problem Report Opened 2024-05-17 · Closed 2024-07-24 · 55% similar
SECOM: Difference in upper and lower case between CN field and SAN
AI Summary CA Owner

We use only essential cookies and local browser storage for preferences and security. See our Privacy Policy for details.

Confirm action