As of September 7, 2017, SSL providers are required to verify CAA, or Certificate Authority Authorization, DNS records in order to issue an SSL certificate for any given domain.
While many higher-end DNS providers had CAA records implemented well beforehand, GoDaddy waited until around September 1st, 2017, to implement this in their DNS manager. I had a relatively hard time understanding how to set a CAA record in GoDaddy’s DNS this past week, mostly due to a lack of documentation on their end. After some tinkering, here’s what I was able to figure out.
From the domain manager, locate the domain you’d like to add a CAA record to and click the “DNS” button next to it. Once in the DNS editor, scroll down to “Add” and fill in the following:
- Type: CAA
- Name: @
- Flags: 0
- Tag: issue, issuewild, or iodef
- Value:
  - When tag is issue or issuewild: SSL provider’s website (e.g. comodo.com)
  - When tag is iodef: mailto:[email protected]
- TTL: 1 hour
If you do not know which tag or value to use, this CAA Record Generator is a great tool to use.
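
To see how a certificate authority reads these tags, here is an added example (not from the original post or from GoDaddy) that parses CAA records and applies the RFC 8659 issuance rules. The sample records, `example.com`, the iodef address and the function names are constructed for illustration, and the code assumes the records passed in are already the relevant set for the domain (no DNS tree climbing).

```python
import re

# Constructed sample records in zone-file form; the fields map to the
# GoDaddy form as: name TTL IN CAA <flags> <tag> "<value>"
SAMPLE_ZONE = '''\
example.com. 3600 IN CAA 0 issue "comodo.com"
example.com. 3600 IN CAA 0 issuewild ";"
example.com. 3600 IN CAA 0 iodef "mailto:security@example.com"
'''

CAA_LINE = re.compile(r'^(\S+)\s+(\d+)\s+IN\s+CAA\s+(\d+)\s+(\w+)\s+"([^"]*)"\s*$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(zone_text):
    """Return a list of (flags, tag, value) tuples from zone-file style lines."""
    records = []
    for line in zone_text.splitlines():
        m = CAA_LINE.match(line.strip())
        if m:
            records.append((int(m.group(3)), m.group(4).lower(), m.group(5)))
    return records


def may_issue(records, ca_domain, wildcard=False):
    """Decide whether the CA identified by ca_domain may issue (RFC 8659 rules)."""
    # A critical flag (128) on a tag the CA does not understand blocks issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # nothing restricts issuance (e.g. only iodef is set)
    # The issuer domain is the text before any ';' parameters.
    allowed = {v.split(";", 1)[0].strip().lower() for v in relevant}
    allowed.discard("")  # a bare ";" value authorizes no CA at all
    return ca_domain.lower() in allowed
```

With the sample records, `comodo.com` may issue for `example.com` but no CA may issue a wildcard, because `issuewild ";"` overrides the `issue` entry for wildcard requests. The `iodef` record only tells CAs where to report policy violations and never affects the decision.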