How add caa record

#1

Please give me steps for adding CAA record.

Above link have valid step or not.

#2

The link above is fine, if you want CAA records simply add one (be it Let’s Encrypt or the reporting method) and CF will handle adding the ones it needs for it’s own certificate.

#3

To add to what @Matteo has said, if you are only using Cloudflare issued certificates, you only need to add the iodef (Send violation report to) record. Cloudflare will automatically add all the Certificate Authorities that they are using for Universal SSL.

I always add issue and issuewild records for any CAs that I am using outside Cloudflare. I do not assume that the list Cloudflare add today will always be the same, so if you are using comodoca.com, digicert.com or letsencrypt.org you should explicitly add them to the list. I seem to recall that globalsign.com used to be on Cloudflares list, but is not any more, I think this happened when Let’s Encrypt was added (I could be wrong here).

Make sure to pay attention to the warning in the support page you reference:

Do not use the Only allow wildcards option for the root record (which returns only issuewild records) for any domain that will use Cloudflare’s Universal SSL.

2 Likes