A CAA record gives you more control over the SSL certificates issued for your (sub)domain name. It allows you to specify which Certificate Authorities (CA) may issue an SSL certificate for your domain name. Renowned Certificate Authorities include Sectigo (formerly Comodo) and Let’s Encrypt.
A CAA record prevents another CA from issuing an SSL certificate for your domain name.
You can add multiple CAA records to your DNS settings to allow different CAs to issue an SSL certificate. If your DNS settings do not have a CAA record, any CA will be allowed to issue an SSL certificate for the domain. Adding a CAA record is therefore not mandatory!
If you create a CAA record for your root domain, that record will also apply to all underlying subdomains, unless you create a separate CAA record for a specific subdomain.
If you want to create a CAA record, please follow these steps in the control panel:
- Go to “My Products” > “DNS & Forwarding Management” > Click the “Manage DNS” button on the right side of your domain name.
- Select “CAA records” in the menu on the left (see picture at the bottom of this article).
- If you want to edit an existing CAA record, click “Edit”.
Make the changes and click “Save”.
If you want to add a new CAA record, click “Add”. In the “record” field, enter the subdomain for which you want to add the CAA record or leave it blank if you want to add it for the domain name itself. In the “content” field, enter the name of the CA and click “Add the CAA record”.
- Please note that the changes may require 1-4 hours to take effect. You can check all active records by visiting the is website.