CAA Records

What is a CAA Record?

A “CAA” (Certification Authority Authorisation) record defines a policy which lists the Certificate Authorities who are authorised to generate digital certificates for your domain. You can use the policy to restrict the issuing digital certificates to specific companies you have defined.

The record is not specifically required to allow you to order certificates. If you do not have a CAA record defined you will be able to generate digital certificates from *any* Certificate Authority. This is a way of securing your domain/certificates by restricting to certain companies.

Multiple records are supported for authorising multiple Certificate Authorities.

Correct format for Tibus DNS (dns.tibus.net)

Please ensure the format is exactly as below or you risk breaking your DNS records.

Example

example.com  CAA 0 issue “letsencrypt.org”

This example authorises LetsEncrypt *only* to generate certificates for domain example.com and is made up of 3 parts:

0 – the flag (For future use)
issue – the tag (issue/issuewild/iodef)
“letsencrypt.org” – the value