Configuring CAA (Certification Authority Authorization) Records for Status Pages

Understanding CAA Records

CAA records control which Certificate Authorities (CAs) are authorized to issue SSL certificates for your domain. If you have an existing CAA record or are planning to create one, it must include Let's Encrypt to allow for the automatic issuance of SSL certificates for your domain.

How to Configure or Update Your CAA Record

If You Don’t Have a CAA Record

If you're setting up a CAA record for the first time, you’ll want to allow Let's Encrypt to issue certificates for your domain, in addition to any other CAs you trust.


If You Already Have a CAA Record

If a CAA record exists for your domain, you’ll need to ensure that it includes permission for Let's Encrypt to issue certificates. Here's how:

  • Access Your DNS Settings: Log in to your domain registrar or DNS provider's dashboard, and navigate to the DNS settings for your domain.
  • Modify or Add a CAA Record: If a CAA record exists, check if it includes Let's Encrypt. If not, you'll need to add another CAA record specifically for Let's Encrypt.
  • To add or modify a CAA record, use the following values:
Type: CAA
Flag: 0
Tag: issue
Value: ""
  • Save Your Changes: Apply and save your changes. DNS changes may take some time to propagate, typically up to 48 hours.


Verifying Your CAA Record

After updating your DNS settings, verify your CAA record using an online DNS lookup tool that supports CAA queries. This step ensures that Let's Encrypt is authorized to issue certificates for your domain.



What if I use multiple CAs?

You can have multiple CAA records pointing to different CAs if you use services from various certificate authorities.


Can I still use without a CAA record?

Yes, a CAA record is not required to use's services. This guide is for customers who choose to use or have a CAA record for enhanced security.


What should I do if my DNS provider does not support CAA records?

If your provider does not support CAA records, it's not a blocker for using Let's Encrypt with However, for added security, consider using a DNS provider that does support CAA records.

Was this article helpful?
0 out of 0 found this helpful



Please sign in to leave a comment.

Have more questions?
Submit a request
Share it, if you like it.