CAA policy records

 

Overview

This article provides information on CAA records and how to manage them for a Let's Encrypt SSL certificate at DreamHost.

Background

Certification Authority Authorization (CAA) is an Internet security policy that prevents malicious users from creating false SSL/TLS certificates. It allows a website owner to specify which Certificate Authorities (CAs) are authorized to issue certificates by creating a CAA record.

Configuring CAA records

This section explains how to configure a CAA record for a Let's Encrypt SSL certificate, depending on where your domain nameservers are pointing.

Nameservers are pointing to DreamHost

If your nameservers are pointing to DreamHost, you can add it in your panel. See this article for instructions.

Nameservers are not pointing to DreamHost

If your nameservers are NOT pointing to DreamHost, you must create it at the company where they currently point.

Adding a CAA record at your current hosting company

Before adding a Let's Encrypt SSL certificate to your domain, ensure the CAA records configured at your current hosting company are compatible with DreamHost. There are two options:

  • Option 1 — Completely remove your CAA records at your current hosting company.

  • Option 2 — Retain your CAA records at your current hosting company, but remove any conflicting CAA records before adding an SSL certificate in the DreamHost panel. If you choose this option, make sure you only use the record shown below.

    letsencrypt.org

See also

Did this article answer your questions?

Still not finding what you're looking for?

Contact Support

Status Updates

Go subscribe

Cookies

Visit the Preference Center

ARTICLES & TUTORIALS

Visit the Blog

COMPANY ANNOUNCEMENTS

Visit DreamHost News