Overview
This article provides information on CAA records and how to manage them at DreamHost.
Background
Certification Authority Authorization (CAA) is an Internet security policy that prevents malicious users from creating false SSL/TLS certificates. It allows a website owner to specify which Certificate Authorities (CAs) are authorized to issue certificates by creating a CAA record.
Managing CAA records
This section provides information on how to create a CAA record depending on where your domain nameservers are pointing.
If your nameservers are pointing to DreamHost
-
If your nameservers are pointing to DreamHost, you can add them in your panel. See this article for instructions.
If your nameservers are not pointing to DreamHost
-
If your nameservers are NOT pointing to DreamHost, you must create them at the company where they currently point.
Configuring CAA records
Before adding an SSL certificate to your domain in your DreamHost panel, ensure the CAA records are compatible with DreamHost. There are two options:
- Option 1 — Completely remove your CAA records at your current hosting company.
- Option 2 — Retain your CAA records at your current hosting company but remove any conflicting CAA records before adding an SSL certificate in the DreamHost panel.
If you choose Option 2 (to retain existing CAA records), make sure you only use the records shown below. The CAA record you add depends on whether you're purchasing a Sectigo or Let's Encrypt SSL certificate from DreamHost.
Sectigo SSL
Add the following CAA records if you're purchasing a Sectigo SSL from DreamHost:
- comodoca.com
- usertrust.com
- trust-provider.com
- sectigo.com
Let's Encrypt SSL
Add the following CAA record if you're purchasing a Let's Encrypt SSL from DreamHost: