As of September 7, 2017, SSL providers are required to verify CAA, or Certificate Authority Authorization, DNS records in order to issue an SSL certificate for any given domain.

While many higher-end DNS providers implemented CAA records well beforehand, GoDaddy waited until around September 1st, 2017, to implement this in their DNS manager. I had a relatively hard time understanding how to set a CAA record in GoDaddy’s DNS this past week, mostly due to a lack of documentation on their end. After some tinkering, here’s what I was able to figure out.

From the domain manager, locate the domain you’d like to add a CAA record to and click the “DNS” button next to it. Once in the DNS editor, scroll down to “Add” and fill in the following:

  • Type: CAA
  • Name: @
  • Flags: 0
  • Tag: issue, issuewild, or iodef
  • Value:
    • When tag is issue or issuewild: SSL provider’s website (e.g. comodo.com)
    • When tag is iodef: mailto:youremail@example.com
  • TTL: 1 hour

If you do not know which tag or value to use, this CAA Record Generator is a great tool to use.
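
Once the records are live, it helps to check what a certificate authority would conclude from them. The sketch below is an added example, not part of the original post: it parses records in the form `dig +short CAA yourdomain` prints and applies the issue/issuewild rules of RFC 8659. It assumes the input is the record set at the domain itself (no parent-domain lookup, no critical-flag handling); the sample records and the second CA name are constructed for illustration.

```python
import re

# One CAA record in presentation form, as `dig +short CAA <domain>` prints it:
#   <flags> <tag> "<value>"
CAA_LINE = re.compile(r'^(\d{1,3})\s+([A-Za-z0-9]+)\s+"(.*)"$')

def parse_caa(text):
    """Parse CAA lines into (flags, tag, value) tuples; reject malformed input."""
    records = []
    for line in text.strip().splitlines():
        m = CAA_LINE.match(line.strip())
        if not m or int(m.group(1)) > 255:
            raise ValueError(f"not a CAA record: {line!r}")
        records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records

def issuer_of(value):
    """Issuer domain is the text before any ';' parameters; empty means 'no CA'."""
    return value.split(";", 1)[0].strip().lower()

def ca_may_issue(records, ca_domain, wildcard=False):
    """Apply the issue/issuewild rules of RFC 8659 to one certificate request."""
    issue = [issuer_of(v) for _, t, v in records if t == "issue"]
    issuewild = [issuer_of(v) for _, t, v in records if t == "issuewild"]
    # For wildcard names, issuewild (when present) replaces issue entirely.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:  # only iodef, or nothing that restricts this request
        return True
    return ca_domain.lower() in relevant

def report_contacts(records):
    """iodef values tell a CA where to report refused requests."""
    return [v for _, t, v in records if t == "iodef"]

# Constructed sample: what a zone using the form values above might return,
# plus an issuewild ";" record that forbids wildcard certificates entirely.
SAMPLE = '''
0 issue "comodo.com"
0 issuewild ";"
0 iodef "mailto:youremail@example.com"
'''

if __name__ == "__main__":
    recs = parse_caa(SAMPLE)
    for ca in ("comodo.com", "letsencrypt.org"):
        print(ca, "plain:", ca_may_issue(recs, ca),
              "wildcard:", ca_may_issue(recs, ca, wildcard=True))
    print("reports to:", report_contacts(recs))
```

A zone that only carries an iodef record places no restriction on issuance, so at least one issue record is needed for the CAA entry to limit which provider can issue.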

Michael Stenberg