diff --git a/checker/interactive.go b/checker/interactive.go
index 18ff51d..3d92759 100644
--- a/checker/interactive.go
+++ b/checker/interactive.go
@@ -36,6 +36,7 @@ func (p *caaProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) {
 		return nil, errors.New("domain is required")
 	}
 	domain = dns.Fqdn(domain)
+	bare := strings.TrimSuffix(domain, ".")
 
 	records, err := lookupCAA(domain)
 	if err != nil {
@@ -55,12 +56,12 @@ func (p *caaProvider) ParseForm(r *http.Request) (sdk.CheckerOptions, error) {
 
 	svc := serviceMessage{
 		Type:    serviceType,
-		Domain:  strings.TrimSuffix(domain, "."),
+		Domain:  bare,
 		Service: svcBody,
 	}
 
 	return sdk.CheckerOptions{
-		"domain":  strings.TrimSuffix(domain, "."),
+		"domain":  bare,
 		"service": svc,
 	}, nil
 }
@@ -74,12 +75,12 @@ func lookupCAA(fqdn string) ([]CAARecord, error) {
 		return nil, err
 	}
 
+	c := new(dns.Client)
 	for name := fqdn; name != "" && name != "."; {
 		msg := new(dns.Msg)
 		msg.SetQuestion(name, dns.TypeCAA)
 		msg.RecursionDesired = true
 
-		c := new(dns.Client)
 		in, _, err := c.Exchange(msg, resolver)
 		if err != nil {
 			return nil, err
diff --git a/checker/rule.go b/checker/rule.go
index 512795f..20c166b 100644
--- a/checker/rule.go
+++ b/checker/rule.go
@@ -32,7 +32,6 @@ type issuerAgg struct {
 	severity  string
 	code      string
 	msg       string
-	fix       string
 	endpoints map[string]bool
 }
 
@@ -117,7 +116,7 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
 	// info just because one probe happened to be unresolvable.
 	agg := map[string]*issuerAgg{} // keyed by AKI+DN
 
-	issue := func(p *tlsProbeView, severity, code, msg, fix string) {
+	issue := func(p *tlsProbeView, severity, code, msg string) {
 		k := p.IssuerAKI + "|" + p.IssuerDN
 		cur, ok := agg[k]
 		if !ok {
@@ -128,7 +127,6 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
 			cur.severity = severity
 			cur.code = code
 			cur.msg = msg
-			cur.fix = fix
 		}
 		if addr := p.address(); addr != "" {
 			cur.endpoints[addr] = true
@@ -138,16 +136,14 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
 	for _, p := range probes {
 		if al.disallowIssue {
 			issue(p, SeverityCrit, CodeIssuanceDisallowed,
-				fmt.Sprintf("CAA policy forbids issuance (issue \";\") but a certificate was observed on %s", p.address()),
-				"Remove the CA 0 issue \";\" record, or stop serving TLS certificates for this domain.")
+				fmt.Sprintf("CAA policy forbids issuance (issue \";\") but a certificate was observed on %s", p.address()))
 			continue
 		}
 
 		domains, ok := Lookup(p.IssuerAKI, p.IssuerDN)
 		if !ok {
 			issue(p, SeverityInfo, CodeIssuerUnknown,
-				fmt.Sprintf("Observed issuer not found in CCADB (AKI=%q, DN=%q)", p.IssuerAKI, p.IssuerDN),
-				"File a CCADB update for this CA, or verify the cert was issued by a real CA.")
+				fmt.Sprintf("Observed issuer not found in CCADB (AKI=%q, DN=%q)", p.IssuerAKI, p.IssuerDN))
 			continue
 		}
 
@@ -158,21 +154,18 @@ func (r *caaRule) Evaluate(ctx context.Context, obs sdk.ObservationGetter, opts
 		if !hasPolicy {
 			issue(p, SeverityInfo, CodeOK,
 				fmt.Sprintf("No CAA records published; certificate on %s issued by %s (CAA identifier %s).",
-					p.address(), issuerLabel(p), strings.Join(domains, ", ")),
-				fmt.Sprintf("Publish %q IN CAA 0 issue %q to lock future issuance to %s.",
-					data.Domain, domains[0], domains[0]))
+					p.address(), issuerLabel(p), strings.Join(domains, ", ")))
 			continue
 		}
 
 		if !intersects(domains, al.issueAll) {
 			issue(p, SeverityCrit, CodeNotAuthorized,
 				fmt.Sprintf("Certificate on %s issued by %s (CAA identifier %s) is not authorized by the zone's CAA issue records",
-					p.address(), issuerLabel(p), strings.Join(domains, ", ")),
-				"Either update the CAA record to authorize this CA, or re-issue with an authorized CA.")
+					p.address(), issuerLabel(p), strings.Join(domains, ", ")))
 			continue
 		}
 
-		issue(p, "", "", "", "")
+		issue(p, "", "", "")
 	}
 
 	// Emit one CheckState per distinct issuer, keyed deterministically so
@@ -239,6 +232,19 @@ func severityRank(s string) int {
 	}
 }
 
+func severityToStatus(s string) sdk.Status {
+	switch s {
+	case SeverityCrit:
+		return sdk.StatusCrit
+	case SeverityWarn:
+		return sdk.StatusWarn
+	case SeverityInfo:
+		return sdk.StatusInfo
+	default:
+		return sdk.StatusOK
+	}
+}
+
 // intersects reports whether any element of lhs is present in the set.
 func intersects(lhs []string, set map[string]bool) bool {
 	for _, s := range lhs {