CAA Record for site hosted by with CNAME record

I need help configuring a CAA record to be compatible with a 3rd party site that will be hosted at cloudflare.

Our DNS is managed outside cloudflare. We will have a CNAME record for a subdomain that will be hosted in Cloudflare. As far as I understand, I need to update our CAA record to include the Certificate Authorities that Cloudflare uses, so that you will be able to successfully request a certificate for our domain.

I found this support page: Certification Authority Authorization (CAA) FAQ – Cloudflare Help Center

I think it answers my question under the part that says: “The following DNS records are automatically set if you continue to use Cloudflare’s free Universal SSL certificates:”

I plan to copy those records so that when you attempt to request a certificate those CAs will be whitelisted.

However, I want to verify this information because it looks incorrect to me. Specifically, “” is listed, but comodoca has been merged into sectigo, so this should be “”, I think? Is the rest of the information on that support page correct?

Either string is valid according to the Sectigo CPS, but they have deprecated the older strings.

@michael Thank you for the Sectigo CPS link, that was helpful.

Are you able to confirm that the rest of the information on that page is up to date and accurate?

There is nothing specifically wrong with the article, but it is incomplete and needs an update.

It sounds like you are going to be the end user of SSL for SaaS, which has documentation of its own for CAA.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.