Update Certificate Authority Authorization (CAA) DNS Records

CAA DNS records add an additional layer of protection by restricting the Certification Authorities that can issue SSL certificates for a domain. After setup, systems can verify that the authorized certificate providers in the CAA DNS records match one of the entries reported in the site's certificate.

To avoid potential certification issues where the domain entered for the Custom branded URL utilizes a CAA DNS record, it is necessary to add Let's Encrypt (letsencrypt.org) as an authorized Certification Authority (CA) either for the domain itself or the specific N-sight RMM subdomain. Please be aware that a CAA record configured at the domain level also applies to any of its subdomains. Only set the CAA record for the subdomain where you want to use a different CA to the main domain. For example:

Domain

mydomain.com.                        IN        CAA        0        issue        "letsencrypt.org"

Subdomain

dashboard.mydomain.com.        IN        CAA        0        issue        "letsencrypt.org"

Our certificates have a 90-day lifetime. To guarantee you don't experience access issues or errors after the certificates renew, ensure the letsencrypt.org entry remains in your CAA record.
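
The inheritance rule above can be checked before a hostname is used as the Custom branded URL. The following Python code is an added example, not N-sight RMM code: it applies the CAA lookup order from RFC 8659 (the closest name that has CAA records decides, climbing from the hostname towards the domain) to a constructed record set. SAMPLE_ZONE, relevant_caa, ca_may_issue and the hostname rmm.mydomain.com are hypothetical, and ca.example stands in for a CA other than Let's Encrypt.

```python
# Constructed sample data (not real DNS answers): owner name -> [(flags, tag, value)].
# "ca.example" is a placeholder for some CA other than Let's Encrypt.
SAMPLE_ZONE = {
    "mydomain.com": [(0, "issue", "ca.example")],
    "dashboard.mydomain.com": [(0, "issue", "letsencrypt.org")],
    "example.org": [(0, "issue", ";")],                       # forbids all issuance
    "example.net": [(0, "iodef", "mailto:sec@example.net")],   # reporting only
}


def relevant_caa(hostname, zone):
    """Return (owner, records) for the closest name that has CAA records."""
    labels = hostname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return name, zone[name]
    return None, []


def ca_may_issue(hostname, ca_domain, zone):
    """Return (allowed, owner) for a non-wildcard certificate request."""
    owner, records = relevant_caa(hostname, zone)
    # Keep only the issuer domain; parameters after ';' are ignored here.
    issuers = [value.split(";")[0].strip().lower()
               for _flags, tag, value in records if tag.lower() == "issue"]
    if not issuers:
        return True, owner  # no "issue" property: CAA does not restrict issuance
    return ca_domain.lower() in issuers, owner


if __name__ == "__main__":
    for host in ("dashboard.mydomain.com", "rmm.mydomain.com",
                 "www.example.org", "www.example.net", "host.unlisted.example"):
        allowed, owner = ca_may_issue(host, "letsencrypt.org", SAMPLE_ZONE)
        source = owner or "no CAA record found"
        print(f"{host}: {'OK' if allowed else 'BLOCKED'} (decided by {source})")
```

In the constructed data, rmm.mydomain.com has no CAA record of its own, so the domain-level record for ca.example applies and Let's Encrypt is blocked until a subdomain record or an additional domain-level record is added.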

Add a CAA DNS Record

Multiple CAA Records are supported per domain. If you are using a domain reseller's DNS servers, there will usually be a facility on the domain control panel that allows you to manage your CAA DNS records through a form-based interface.

Depending on your domain reseller/agent's DNS configuration, it may take up to 24 hours for these changes to propagate.

The domain interface can vary between domain resellers and the following example covers the creation of a CAA DNS record based on the GoDaddy control panel:

  1. Login to your GoDaddy account
  2. Go to My Products > Manage All
  3. Click Manage against the target domain to display all Records configured for the DNS Zone
  4. Click Add Record and enter the following details:

     Option   Value             Note
     Type     CAA               Record type
     Name     hostname          Name of domain or subdomain the CAA Record applies to. Use @ to apply at the domain level
     Flags    0                 Criticality, 0 for not critical (only supported value)
     Tag      Issue             issue: authorizes the CA provider to issue a certificate for the hostname
     Value    letsencrypt.org   Domain name of the CA provider
     TTL      1 hour            How long the local resolver should cache this record

  5. Click Save to apply

Visit Certificate Authority Authorization (CAA) for further information on Let's Encrypt's CAA configuration.

Please note that we are not responsible for the content of external sites.