diff --git a/.github/workflows/common.yml b/.github/workflows/common.yml
index c0c23d4..4e94298 100644
--- a/.github/workflows/common.yml
+++ b/.github/workflows/common.yml
@@ -12,6 +12,9 @@ jobs:
     - name: Checkout 📋
       uses: actions/checkout@v2
 
+    - name: Run spellchecker
+      uses: crate-ci/typos@v1.19.0
+
     - name: Setup 🏗️
       run: |
         sudo apt-get install --yes xml2rfc ruby
diff --git a/.typos.toml b/.typos.toml
new file mode 100644
index 0000000..cdffc4b
--- /dev/null
+++ b/.typos.toml
@@ -0,0 +1,13 @@
+[files]
+extend-exclude = [
+    ".devcontainer/",
+    ".git/",
+    ".github/",
+    "vendor/",
+]
+ignore-hidden = false
+
+
+[default.extend-words]
+# Secure Hash Standard
+"SHS" = "SHS"
diff --git a/draft-ietf-acme-scoped-dns-challenges.mkd b/draft-ietf-acme-scoped-dns-challenges.mkd
index d6a61fe..837d7cb 100644
--- a/draft-ietf-acme-scoped-dns-challenges.mkd
+++ b/draft-ietf-acme-scoped-dns-challenges.mkd
@@ -151,7 +151,7 @@ On receiving a response, the server constructs and stores the key authorization
 To validate the `dns-02` challenge, the server performs the following steps:
 
 - Compute the SHA-256 digest {{FIPS180-4}} of the stored key authorization
-- Compute the validation domain name with the scope of the associated authorization similiar to the client
+- Compute the validation domain name with the scope of the associated authorization similar to the client
 - Query for `TXT` records for the validation domain name
 - Verify that the contents of one of the `TXT` records match the digest value