Update Certificate Authority Authorization (CAA) DNS Records
CAA DNS records add an additional layer of protection by restricting the Certification Authorities that can issue SSL certificates for a domain. After setup, systems can verify that the authorized certificate providers in the CAA DNS records matches one of the entries reported in the site's certificate.
To avoid potential certification issues where the domain entered for the Custom branded URL utilizes a CAA DNS record, it is necessary to add Let's Encrypt (letsencrypt.org) as an authorized Certification Authority (CA) either for the domain itself or the specific N-sight RMM subdomain. Please be aware that a CAA record configured at the domain level also applies to any of its subdomains, only set the CAA record for the subdomain where you want to use a different CA to the main domain. For example,
Domain
mydomain.com. IN CAA 0 issue "letsencrypt.org"
Subdomain
dashboard.mydomain.com. IN CAA 0 issue "letsencrypt.org"
Our certificates have a 90-day lifetime. To guarantee you don't experience access issues or errors after the certificates renew, ensure the letsencrypt.org entry remains in your CAA record.
Add a CAA DNS Record
Multiple CAA Records are supported per domain and if you are using a domain reseller's DNS servers, there will usually be a facility on the domain control panel that allows you to manage your CAA DNS records through a form-based interface.
Depending on your domain reseller/agent's DNS configuration it may take up 24 hours for these changes to propagate.
The domain interface can vary between domain resellers and the following example covers the creation of a CAA DNS record based on the GoDaddy control panel:
- Login to your GoDaddy account
- Go to My Products > Manage All
- Click Manage against the target domain to display all Records configured for the DNS Zone
- Click Add Record and enter the following details:
- Click Save to apply
| Option | Value | Note |
|---|---|---|
| Type | CAA | Record type |
| Name | hostname | Name of domain or subdomain the CAA Record applies to. Use @ to apply at the domain level |
| Flags | 0 | Criticality, 0 for not critical (only supported value) |
| Tag | Issue | issue: authorizes the CA provider to issue a certificate for the hostname |
| Value | letsencrypt.org | Domain name of the CA provider |
| TTL | 1 hour | How long the local resolver should cache this record |
Visit Certificate Authority Authorization (CAA) for further information on Let's Encrypt' CAA Configuration.
Related articles
- Create a DNS CNAME Record and link it to N-sight RMM
- Let's Encrypt: Certificate Authority Authorization (CAA) (External)
- Let's Encrypt (External)
- Interface overview
Please note that we are not responsible for the content of external sites.