Overview
Certification Authority Authorization (CAA) is an Internet security policy that prevents malicious users from creating false SSL/TLS certificates. A CAA record can be created by a website owner to specify which Certificate Authorities (CAs) are permitted to issue certificates.
If your nameservers are pointed to DreamHost
If your nameservers are currently pointed to DreamHost and you would like to use CAA records, you can add them in your panel. View the following article for instructions:
If your nameservers are NOT pointed to DreamHost
If your nameservers are NOT pointing to DreamHost (and you would like to use CAA records for your domain hosted at DreamHost), you must create the CAA records at the company where your nameservers are currently pointed.
Before adding an SSL certificate to your domain in your DreamHost panel, ensure the CAA records are compatible with DreamHost. You have the following two options.
- Completely remove your CAA records at your current hosting company.
- Retain your CAA records at your current hosting company, but remove any conflicting CAA records before adding an SSL certificate in the DreamHost panel.
If you choose to retain your CAA records, make sure you only add the records shown below. The CAA record you add depends on if you're purchasing a Sectigo, or Let's Encrypt certificate from DreamHost.
Add these if you're purchasing Sectigo SSL from DreamHost
- comodoca.com
- usertrust.com
- trust-provider.com
- sectigo.com
Add the following if you're purchasing a Let's Encrypt SSL from DreamHost
Managing CAA records at DreamHost
See the following article for more information on creating CAA records in the DreamHost panel.