CAA policy records

 

Overview

This article provides information on CAA records and how to manage them at DreamHost.

Background

Certification Authority Authorization (CAA) is an Internet security policy that helps prevent malicious users from obtaining fraudulent SSL/TLS certificates for your domain. A website owner creates a CAA record in DNS to specify which Certificate Authorities (CAs) are authorized to issue certificates for the domain.

Managing CAA records

This section explains where to create a CAA record, which depends on where your domain's nameservers are pointing.

If your nameservers are pointing to DreamHost

If your nameservers are pointing to DreamHost, you can add CAA records in your panel. See this article for instructions.

If your nameservers are not pointing to DreamHost

If your nameservers are NOT pointing to DreamHost, you must create the CAA records at the company where your nameservers currently point.

Configuring CAA records

Before adding an SSL certificate to your domain in your DreamHost panel, ensure the CAA records are compatible with DreamHost. There are two options:

  • Option 1 — Completely remove your CAA records at your current hosting company.
  • Option 2 — Retain your CAA records at your current hosting company but remove any conflicting CAA records before adding an SSL certificate in the DreamHost panel.

If you choose Option 2 (to retain existing CAA records), make sure you only use the records shown below. The CAA record you add depends on whether you're purchasing a Sectigo or Let's Encrypt SSL certificate from DreamHost.

Sectigo SSL

Add CAA records for the following CA domains if you're purchasing a Sectigo SSL from DreamHost:

  • comodoca.com
  • usertrust.com
  • trust-provider.com
  • sectigo.com
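
The Option 2 check described above, as an added example (not DreamHost's own tooling): it parses CAA answers in the zone-file form that dig prints and sorts the issue/issuewild records into those matching the Sectigo list above and those to remove. The sample records, otherca.example, and the function names are constructed for illustration; the issuance check covers non-wildcard names only.

```python
import re

# CAA issuer domains this page lists for a Sectigo certificate from DreamHost.
SECTIGO = {"comodoca.com", "usertrust.com", "trust-provider.com", "sectigo.com"}

# Constructed sample: CAA answers as `dig +noall +answer CAA example.com` prints them.
SAMPLE = '''\
example.com. 3600 IN CAA 0 issue "sectigo.com"
example.com. 3600 IN CAA 0 issue "otherca.example"
example.com. 3600 IN CAA 0 issuewild ";"
example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"
'''

CAA_RE = re.compile(r'\sCAA\s+(\d+)\s+(\w+)\s+"([^"]*)"')

def parse_caa(text):
    """Return a (flags, tag, value) tuple for each CAA line in text."""
    records = []
    for line in text.splitlines():
        m = CAA_RE.search(line)
        if m:
            records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records

def issuer_domain(value):
    """Issuer domain from an issue/issuewild value; '' means no CA is named."""
    return value.split(";", 1)[0].strip().lower()

def review(records, allowed):
    """Sort issue/issuewild records into keep/remove lists for the allowed CAs."""
    keep, remove = [], []
    for _flags, tag, value in records:
        if tag not in ("issue", "issuewild"):
            continue  # e.g. iodef only sets a reporting address
        (keep if issuer_domain(value) in allowed else remove).append((tag, value))
    # RFC 8659: once any "issue" record exists, the CA must be named in one
    # of them; with no "issue" records at all, issuance is not restricted.
    issue = [issuer_domain(v) for _, t, v in records if t == "issue"]
    can_issue = not issue or any(d in allowed for d in issue)
    return keep, remove, can_issue

if __name__ == "__main__":
    keep, remove, can_issue = review(parse_caa(SAMPLE), SECTIGO)
    print("keep:", keep)
    print("remove:", remove)
    print("allowed CA can issue (non-wildcard):", can_issue)
```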

Let's Encrypt SSL

Add the following CAA record if you're purchasing a Let's Encrypt SSL from DreamHost:
