I have no CAA records in the DNS management, but still when I search here: DNS Propagation Checker - Global DNS Testing Tool I can see that we have multiple CAA records that does not exist in the DNS management interface. for that reason we can’t issue ssl certificates, because we are getting an error message from certificate supplier. also our current certificate has been revoked. please help ASAP. thanks
What feature, service or problem is this related to?
Cloudflare adds their own automatically if you enable a feature which requires it (AMP Real Url/sxg signed exchanges) or add any other CAA records manually: Add CAA records · Cloudflare SSL/TLS docs
You’ve got two non-standard there: Godaddy and ssl.com, which you should be able to see in your dashboard.
You can just add the CAA record required by your supplier to allow them to be able to issue. If you need more info on how to do that, you should ask them.
thanks Chaika.
my issue is that I 've added CAA record for globalsign because shopify required it. that was a huge mistake, after 2 days godaddy revoked my wildcard ssl certificate, and now i’m trying to re key my certificate and getting this error: “A DNS CAA record exists for domain(s) cityofdavid.org.il which forbids the issuance of this certificate” godaddy support say they can’t help me because it’s a DNS issue. (although I’ve added right CAA record for godaddy.com).
I just want to reverse everything and stay with no CAA records at all, maybe that way I can re-key my certificate.
how do I do that? any suggestions? thanks