Update Certificate Authority Authorization (CAA) DNS Records
CAA DNS records add an additional layer of protection by restricting which Certification Authorities can issue SSL certificates for a domain. Once set up, systems can then verify that the authorized certificate providers in the CAA DNS records match one of the entries reported in the site's certificate.
To avoid any potential certification issues where the domain entered for the Custom Branded URL utilizes a CAA DNS record, it is necessary to add Let's Encrypt (letsencrypt.org) as an authorized Certification Authority (CA), either for the domain itself or for the specific Dashboard subdomain. Please be aware that a CAA record configured at the domain level also applies to any of its subdomains; only set a CAA record for the subdomain where you wish to use a different CA from the main domain.
For example:
Domain
mydomain.com. IN CAA 0 issue "letsencrypt.org"
Subdomain
dashboard.mydomain.com. IN CAA 0 issue "letsencrypt.org"
Our certificates have a 90-day lifetime. To guarantee you do not experience access issues or errors after the certificates renew, please ensure the letsencrypt.org entry remains in your CAA record.
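The inheritance rule above (a domain-level CAA record also covers subdomains unless the subdomain has its own record) can be checked before requesting a certificate. The following is an added example, not part of the original page or the Dashboard product: it parses record lines in the format shown above and applies the nearest-ancestor lookup for non-wildcard names. The zone contents and the CA name `otherca.example` are constructed for illustration, and CNAME handling is omitted.

```python
import re

# Constructed sample zone: the main domain authorizes a different CA
# (made-up name), the Dashboard subdomain authorizes Let's Encrypt.
ZONE = '''
mydomain.com. IN CAA 0 issue "otherca.example"
dashboard.mydomain.com. IN CAA 0 issue "letsencrypt.org"
'''

# owner [ttl] IN CAA flags tag "value"
CAA_LINE = re.compile(
    r'^(\S+)\s+(?:\d+\s+)?IN\s+CAA\s+(\d+)\s+(\w+)\s+"([^"]*)"\s*$', re.I)

def parse_zone(text):
    """Return {owner name: [(flags, tag, value), ...]} for every CAA line."""
    records = {}
    for line in text.splitlines():
        m = CAA_LINE.match(line.strip())
        if m:
            owner = m.group(1).lower().rstrip(".")
            records.setdefault(owner, []).append(
                (int(m.group(2)), m.group(3).lower(), m.group(4)))
    return records

def relevant_caa(hostname, records):
    """Climb from hostname towards the root; the first name with CAA wins."""
    labels = hostname.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if records.get(name):
            return name, records[name]
    return None, []

def may_issue(hostname, ca_domain, records):
    """True if ca_domain may issue a non-wildcard certificate for hostname."""
    _, rrset = relevant_caa(hostname, records)
    # Parameters after ';' are ignored; a bare ";" value authorizes no CA.
    issuers = [value.split(";")[0].strip().lower()
               for _, tag, value in rrset if tag == "issue"]
    if not issuers:  # no CAA found, or no "issue" property: unrestricted
        return True
    return ca_domain.lower() in issuers

if __name__ == "__main__":
    recs = parse_zone(ZONE)
    for host in ("dashboard.mydomain.com", "www.mydomain.com"):
        print(host, relevant_caa(host, recs)[0],
              may_issue(host, "letsencrypt.org", recs))
```

Answer lines printed by `dig +noall +answer CAA <name>` include a TTL column and parse the same way. Note that the subdomain's record set replaces the parent's rather than merging with it.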
Add a CAA DNS Record
Multiple CAA records are supported per domain. If you are using a domain reseller's DNS servers, there will usually be a facility in the domain control panel that allows you to manage your CAA DNS records through a form-based interface.
Depending on your domain reseller/agent's DNS configuration, it may take up to 24 hours for these changes to propagate.
The domain interface can vary between domain resellers and the following example covers the creation of a CAA DNS record based on the GoDaddy control panel:
- Log in to your GoDaddy account
- Go to My Products > Manage All
- Click Manage against the target domain to display all Records configured for the DNS Zone
- Click Add Record and enter the following details:
- Click Save to apply
| Option | Value | Notes |
|---|---|---|
| Type | CAA | Record type |
| Name | hostname | Name of domain or subdomain the CAA Record applies to. Use @ to apply at the domain level |
| Flags | 0 | Criticality, 0 for not critical (only supported value) |
| Tag | Issue | issue: authorizes the CA provider to issue a certificate for the hostname |
| Value | letsencrypt.org | Domain name of the CA provider |
| TTL | 1 hour | How long the local resolver should cache this record |
Visit Certificate Authority Authorization (CAA) for further information on Let's Encrypt's CAA configuration.