CAA policy records

Overview

This only applies if your Nameservers are NOT hosted at DreamHost.

Certification Authority Authorization (CAA) is an Internet security policy that prevents malicious users from creating false SSL/TLS certificates. A CAA record can be created by a website owner to specify which Certificate Authorities (CAs) are permitted to issue certificates.

If your Nameservers are NOT hosted at DreamHost, you must ensure that your CAA records are compatible with DreamHost before adding the SSL certificate to your domain. You have the following two options.

  1. Completely remove your CAA records at your current hosting company
  2. Remove any conflicting CAA records at your current hosting company before adding an SSL certificate in the DreamHost panel.

If you choose to retain your CAA records, make sure you only add the records shown below. The CAA record you add depends on if you're purchasing a Sectigo, or Let's Encrypt certificate from DreamHost.

Add these if you're purchasing Sectigo SSL from DreamHost

  • comodoca.com
  • usertrust.com
  • trust-provider.com
  • sectigo.com

Add the following if you're purchasing a Let's Encrypt SSL from DreamHost

Did this article answer your questions?

Article last updated PST.