Update Certificate Authority Authorization (CAA) DNS Records

CAA DNS records add an additional layer of protection by restricting the Certification Authorities that can issue SSL certificates for a domain. Once set up, systems can then verify that the authorized certificate providers in the CAA DNS records match one of the entries reported in the site's certificate.

To avoid any potential certification issues where the domain entered for the Custom Branded URL utilizes a CAA DNS record, it is necessary to add Let's Encrypt (letsencrypt.org) as an authorized Certification Authority (CA), either for the domain itself or for the specific Dashboard subdomain. Please be aware that a CAA record configured at the domain level also applies to any of its subdomains; only set a CAA record for the subdomain where you wish to use a different CA to the main domain.

For example:

Domain

mydomain.com.                        IN        CAA        0        issue        "letsencrypt.org"

Subdomain

dashboard.mydomain.com.        IN        CAA        0        issue        "letsencrypt.org"

Our certificates have a 90-day lifetime. To guarantee you do not experience access issues or errors after the certificates renew, please ensure the letsencrypt.org entry remains in your CAA record.
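The domain/subdomain rule above can be checked before a renewal fails. The following is an added example, not code from this page or its vendor: it finds which CAA record set governs a hostname (the closest name at or above it that has CAA records) and whether that set lets letsencrypt.org issue. The `ZONE` data, the `other-ca.example` issuer and the function names are constructed for illustration.

```python
# Added example: which CAA record set governs a hostname, and does it allow a CA?
# ZONE is constructed sample data (owner name -> CAA records), not real DNS answers.
ZONE = {
    "mydomain.com": [(0, "issue", "other-ca.example")],
    "dashboard.mydomain.com": [(0, "issue", "letsencrypt.org")],
    "shop.example": [(0, "issue", "other-ca.example"),
                     (0, "issue", "LetsEncrypt.org; validationmethods=dns-01")],
    "notify.example": [(0, "iodef", "mailto:security@notify.example")],
}

def relevant_caa(hostname, zone):
    """Climb from hostname towards the root; the first name holding CAA
    records supplies the whole set (closest ancestor wins, sets never merge)."""
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        owner = ".".join(labels[i:])
        if zone.get(owner):
            return owner, zone[owner]
    return None, []

def ca_authorized(hostname, ca_domain, zone):
    """True if the governing CAA set lets ca_domain issue for hostname
    (non-wildcard certificate request)."""
    _, records = relevant_caa(hostname, zone)
    known = {"issue", "issuewild", "iodef"}
    # A critical flag (bit 128) on a tag the CA does not understand blocks issuance.
    if any(flags & 128 and tag.lower() not in known for flags, tag, _ in records):
        return False
    # The issuer name is the part of the value before any ";" parameters.
    issuers = [value.split(";")[0].strip().lower()
               for _, tag, value in records if tag.lower() == "issue"]
    if not issuers:  # no CAA at all, or only iodef etc.: issuance is unrestricted
        return True
    return ca_domain.lower() in issuers

def report(hostname, zone=ZONE, ca="letsencrypt.org"):
    owner, _ = relevant_caa(hostname, zone)
    verdict = "allowed" if ca_authorized(hostname, ca, zone) else "BLOCKED"
    return f"{hostname}: CAA from {owner or 'none'} -> {ca} {verdict}"

if __name__ == "__main__":
    for host in ("dashboard.mydomain.com", "www.mydomain.com",
                 "portal.shop.example", "app.notify.example", "free.example"):
        print(report(host))
```

In the sample data, `www.mydomain.com` is blocked because it inherits the domain-level record that names only another CA, while `dashboard.mydomain.com` is allowed by its own subdomain record.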

Add a CAA DNS Record

Multiple CAA records are supported per domain. If you are using a domain reseller's DNS servers, there will usually be a facility on the domain control panel that allows you to manage your CAA DNS records through a form-based interface.

Depending on your domain reseller/agent's DNS configuration, it may take up to 24 hours for these changes to propagate.

The domain interface can vary between domain resellers and the following example covers the creation of a CAA DNS record based on the GoDaddy control panel:

  1. Log in to your GoDaddy account
  2. Go to My Products > Manage All
  3. Click Manage against the target domain to display all Records configured for the DNS Zone
  4. Click Add Record and enter the following details:

     | Option | Value | Notes |
     | --- | --- | --- |
     | Type | CAA | Record type |
     | Name | hostname | Name of domain or subdomain the CAA Record applies to. Use @ to apply at the domain level |
     | Flags | 0 | Criticality, 0 for not critical (only supported value) |
     | Tag | Issue | issue: authorizes the CA provider to issue a certificate for the hostname |
     | Value | letsencrypt.org | Domain name of the CA provider |
     | TTL | 1 hour | How long the local resolver should cache this record |

  5. Click Save to apply

Visit Certificate Authority Authorization (CAA) for further information on Let's Encrypt's CAA configuration.

Please note that we are not responsible for the content of external sites.