I was trying to get a certificate from Amazon when it told me some CAA settings prevented it from issuing one. My domain has no CAA records in Cloudflare dashboard, but when I use dig tool it shows a total of 8. I’ve tried adding one of my own CAA records and removing it, as well as disabling and re-enabling “Universal SSL”, but neither of them worked as the unexpected CAA records still persist.
By the way, the Cloudflare dashboard stuck for a number of times during my operations, and I was logged out for several times all of a sudden (I have 2FA enabled).
Did Cloudflare just went mad or something?