On 2020-02-29 UTC, Let’s Encrypt found a bug in our CAA code. Our CA software, Boulder, checks for CAA records at the same time it validates a subscriber’s control of a domain name. Most subscribers issue a certificate immediately after domain control validation, but we consider a validation good for 30 days. That means in some cases we need to check CAA records a second time, just before issuance
![2020.02.29 CAA Rechecking Bug - Incidents - Let's Encrypt Community Support](https://cdn-ak-scissors.b.st-hatena.com/image/square/11493d38279fd95c5c55cd262bc340aa693ee7ec/height=288;version=1;width=512/https%3A%2F%2Fglobal.discourse-cdn.com%2Fletsencrypt%2Foriginal%2F3X%2F4%2Fc%2F4c5760509a18adfc3bc657ba8bd49b301faaa66b.png)