SSL CA issue

Having trouble with this issue - any solution?

That’s a pretty old article, but those records are supported here. Ivan Ristic’s Hardenize website can test your domain’s CAA records.

What issue?

CAs are required to check for and respect CAA records. If you create any CAA record, then Cloudflare will automatically add all the CAA records that they need to authorise certificates for the zone.

1 Like

When you run a SSL check, SSL Server Test: (Powered by Qualys SSL Labs) It shows an orange field DNS CAA No (more info)

When you click more info - it shows CAA Mandated by CA/Browser Forum | Qualys Security Blog

A client sent a firefox malicious warning message preventing him from viewing the site at all. The client site is a fund so it’s important to have any issues resolved.

Here is a photo that the client sent:

The SSL is from Cloudflare.

I’ve been running SSL from Cloudflare on multiple client sites and have never encountered an issue.

For reference the client site is

That domain is not active on Cloudflare. The hosting is on GCP. The only certificates on that domain are from LE.

The CAA is just informational, and the browsers do not care about it. It is a signal from a domain owner to Certificate Authorities when issuing a certificate, and has no other meaning.

1 Like

And the issue is that the certificate is not valid for, only for

1 Like

Ok, huge error on my part - needs to be moved to Cloudflare. If it was on Cloudflare, the SSL should work on both www and - right?

Yes. And you should put a page rule in place to do the redirect from www to

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.