SSL Labs, CAA Check Failing



I have run an SSL Labs report on my domain, now that it’s going through (i.e. proxy on) Cloudflare. But I get the following,


From what I can tell, I shouldn’t add records, they should be there already … is that right? If it is, why is this failing?


SSL Labs, HPKP Failing

By default, there are no CAA records. If you have Universal SSL enabled, and you add one – whether it’s issue, issuewild or iodef – Cloudflare will automatically add issue and issuewild records for the CAs they use.

So if you want to use CAA, you have to add something, and Cloudflare will fill in the rest (if applicable). If you issue other certificates, you can add issue or issuewild records for the CA(s) you use. If not, you could add an iodef record.


That works, awesome - thanks! I was misunderstanding / mis-reading the info, appreciate you straightening me out.