Set up CAA

CAA records in your DNS restrict which CA can issue a certificate for this domain name.

Explanation:
https://blog.qualys.com/ssllabs/2017/03/13/caa-mandated-by-cabrowser-forum

https://sslmate.com/caa/
Let’s Encrypt:
CAA 128 iodef “mailto:abuse@example.com”
CAA 128 issue “letsencrypt.org”

Comodo:
CAA 128 iodef “mailto:abuse@example.com”
CAA 128 issuewild “comodo.com”

DirectAdmin for name server settings:
Configure directadmin.conf with dns_caa=1.