I need help configuring a CAA record to be compatible with a 3rd party site that will be hosted at cloudflare.
Our DNS is managed outside cloudflare. We will have a CNAME record for a subdomain that will be hosted in Cloudflare. As far as I understand, I need to update our CAA record to include the Certificate Authorities that Cloudflare uses, so that you will be able to successfully request a certificate for our domain.
I found this support page: Certification Authority Authorization (CAA) FAQ – Cloudflare Help Center
I think it answers my question under the part that says: “The following DNS records are automatically set if you continue to use Cloudflare’s free Universal SSL certificates:”
I plan to copy those records so that when you attempt to request a certificate those CAs will be whitelisted.
However, I want to verify this information because it looks incorrect to me. Specifically, “comodoca.com” is listed, but comodoca has been merged into sectigo, so this should be “sectigo.com”, I think? Is the rest of the information on that support page correct?