DNS Certification Authority Authorization
Since Let’s Encrypt and the ACME protocol it is much easier to obtain a certificate without any human intervention. This allows anyone with control over the endpoint to issue certificates (https://letsencrypt.org/how-it-works/).
DNS Certification Authority Authorization (CAA) is an Internet security policy mechanism which allows domain name holders to indicate to certificate authorities whether they are authorized to issue digital certificates for a particular domain name.
$ dig +short CAA newcubator.com 0 issue "amazon.com"