September = CAA validation month!
As of September 2017, every Certificate Authority is obligated to check the CAA DNS records for a domain it is about to issue a certificate to. This gives more control to the domain owner and can limit which Certificate Authorities are allowed to issue certificates.
This change had been announced a long time ago and is, as of today, in effect.
Source: CAA record checking now mandatory for Certificate Authorities – DNS Spy Blog