Support RFC 8657 CAA extensions where applicable #107
Description
RFC 8657 adds two extensions to issue and issuewild CAA records: validationmethods and accounturi. The former dictates the challenge methods that may be used. The CAA checker should verify that this parameter, if set, allows the selected challenge method being tested.
The accounturi parameter is harder to test. We can't possibly know the correct URLs needed by the user. However, we could warn for common misconfigurations:
- Invalid/Non-Let's Encrypt account uri set for a Let's Encrypt CAA record
- Missing staging account uri (only production), preventing the user from issuing test certificates