Unknown CAA record in my DNS which is not listed in Cloudflare

There is some unknown CAA record added to my site when I search for its DNS records at https://www.whatsmydns.net/?utm_source=whatsmydns.com&utm_medium=redirect#CAA/bizdatainsights.com. Can anyone please let me know why? Because of this, I am unable to host a subdomain using AWS Amplify.

If you have one or more CAA records, Cloudflare will currently append these automatically, when you have Universal SSL enabled.

0 issue "comodoca.com"
0 issue "digicert.com\; cansignhttpexchanges=yes"
0 issue "letsencrypt.org"
0 issue "pki.goog\; cansignhttpexchanges=yes"
0 issuewild "comodoca.com"
0 issuewild "digicert.com\; cansignhttpexchanges=yes"
0 issuewild "letsencrypt.org"
0 issuewild "pki.goog\; cansignhttpexchanges=yes"

Without these, Cloudflare would fail to generate an Edge Certificate for you to use when you have Proxied (:orange:) records.

These records will be appended, and be there together with the ones you add, so if e.g. AWS asks you to add something, just add the ones they supply you with, and they will all co-exist with each other.

Certification Authority Authorization (CAA) problems - AWS Certificate Manager
(Optional) Configure a CAA record - AWS Certificate Manager

According to these two, Amazon asks you to add four CAA records matching their domain(s):

example.com.   CAA           0      issue   "amazon.com"
example.com.   CAA           0      issue   "amazontrust.com"
example.com.   CAA           0      issue   "awstrust.com"
example.com.   CAA           0      issue   "amazonaws.com"

However, by looking at your domain, it looks like you are missing one of the four, the amazon.com one, e.g.:

example.com.   CAA           0      issue   "amazon.com"

Can you try adding that last one as well, and see if that makes any progress for you?
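
An added example, not part of the original posts: a Python check that parses CAA values in the form shown in this thread and reports which of the four Amazon issuer domains are absent. The `ZONE` sample is constructed (Cloudflare's eight records plus three of Amazon's), all function names are hypothetical, and it goes slightly beyond the thread by applying the RFC 8659 rule that `issuewild` takes precedence over `issue` for wildcard names.

```python
import re

# One CAA RDATA per line: <flags> <tag> "<value>", as printed in the thread.
CAA_RE = re.compile(r'^\s*(\d+)\s+(\w+)\s+"(.*)"\s*$')

def parse_caa(text):
    """Return [(flags, tag, issuer_domain)] for every CAA line in text."""
    records = []
    for line in text.splitlines():
        m = CAA_RE.match(line)
        if m:
            flags, tag, value = m.groups()
            # Issuer domain ends at the first ';' (shown escaped as '\;').
            domain = value.replace("\\;", ";").split(";", 1)[0].strip().lower()
            records.append((int(flags), tag.lower(), domain))
    return records

def allowed_issuers(records, wildcard=False):
    """RFC 8659: for wildcard names, issuewild (if any exist) replaces issue."""
    issue = {d for _, t, d in records if t == "issue"}
    wild = {d for _, t, d in records if t == "issuewild"}
    return wild if (wildcard and wild) else issue

def missing_issuers(records, wanted, wildcard=False):
    """Wanted issuer domains that the relevant record set does not list."""
    have = allowed_issuers(records, wildcard)
    return [d for d in wanted if d not in have]

# The four issuer domains the answer above lists for Amazon.
AWS_CAS = ["amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"]

# Constructed sample: Cloudflare's appended set plus three Amazon records.
ZONE = r'''
0 issue "comodoca.com"
0 issue "digicert.com\; cansignhttpexchanges=yes"
0 issue "letsencrypt.org"
0 issue "pki.goog\; cansignhttpexchanges=yes"
0 issuewild "comodoca.com"
0 issuewild "digicert.com\; cansignhttpexchanges=yes"
0 issuewild "letsencrypt.org"
0 issuewild "pki.goog\; cansignhttpexchanges=yes"
0 issue "amazontrust.com"
0 issue "awstrust.com"
0 issue "amazonaws.com"
'''

if __name__ == "__main__":
    print("issue:", missing_issuers(parse_caa(ZONE), AWS_CAS))
    print("issuewild:", missing_issuers(parse_caa(ZONE), AWS_CAS, wildcard=True))
```

Because `issuewild` records are present in this set, a wildcard request is evaluated against them alone, so the Amazon domains would also need `issuewild` entries for a wildcard certificate.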
