Are you using CAA records?

With the approval of ballot 187 the Certificate Authorities must check and respect the CAA records that are found in the DNS of a domain. This additional check is active since September 17, 2017. CAA stands for Certification Authority Authorization and  is a standard designed to help the owners of a domain by preventing the issuance of rogue or unauthorized SSL/TLS certificates for that domain.

Read more