As of September 7, 2017, SSL providers are required to check a domain's CAA DNS records before issuing an SSL certificate for it. While many higher-end DNS providers had supported CAA records well beforehand, GoDaddy waited until around September 1st to add them to its DNS manager.
I had a relatively hard time understanding how to set a CAA record in GoDaddy’s DNS this past week, mostly due to a lack of documentation on their end. After some tinkering, here’s what I was able to figure out.
From the domain manager, locate the domain you’d like to add a CAA record to and click the “DNS” button next to it. Once in the DNS editor, scroll down to “Add” and fill in the following:
- Type: CAA
- Name: @
- Flags: 0
- Tag: either issue, issuewild, or iodef
- Value: your SSL provider, e.g. comodo.com OR mailto:firstname.lastname@example.org if using iodef
- TTL: 1 hour
If you do not know which tag or value to use, this CAA Record Generator is a great tool to use.
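To see how the flags, tag and value fields above affect issuance, the following added example (not part of the original post) evaluates a CAA record set against the RFC 8659 rules. The function names and the `other-ca.example` CA are made up for illustration, and the code only looks at the records for one name; it does not model the lookup climbing to parent domains.

```python
import shlex

# Constructed sample: the RDATA of two records entered as in the list above.
SAMPLE = ['0 issue "comodo.com"',
          '0 iodef "mailto:firstname.lastname@example.org"']
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

def parse_caa(rdata):
    """Split '<flags> <tag> "<value>"' into (flags, tag, value)."""
    flags, tag, value = shlex.split(rdata)
    flags = int(flags)
    if not 0 <= flags <= 255 or not tag.isalnum():
        raise ValueError(f"malformed CAA record: {rdata!r}")
    return flags, tag.lower(), value

def may_issue(records, ca_domain, wildcard=False):
    """True if the CAA record set lets ca_domain issue (RFC 8659 rules)."""
    parsed = [parse_caa(r) for r in records]
    # Flag 128 marks a property critical: a CA that does not understand
    # the tag must refuse to issue.
    if any(f & 128 and t not in KNOWN_TAGS for f, t, _ in parsed):
        return False
    # Parameters after ';' are ignored here; a bare ";" yields "" (nobody).
    def issuers(tag):
        return [v.split(";", 1)[0].strip().lower()
                for _, t, v in parsed if t == tag]
    issue, issuewild = issuers("issue"), issuers("issuewild")
    # Wildcard requests use issuewild when present, else fall back to issue.
    relevant = issuewild if wildcard and issuewild else issue
    # No applicable property means CAA places no restriction.
    return not relevant or ca_domain.lower() in relevant

def report_targets(records):
    """URLs from iodef records, where a CA may report policy violations."""
    return [v for _, t, v in map(parse_caa, records) if t == "iodef"]

if __name__ == "__main__":
    for ca in ("comodo.com", "other-ca.example"):  # second name is constructed
        print(ca, may_issue(SAMPLE, ca))
    print(report_targets(SAMPLE))
```

Adding a record with tag issuewild and value `;` to this set would keep comodo.com allowed for ordinary names while blocking every CA from issuing wildcard certificates.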