This article covers:
- What is a Certification Authority Authorization (CAA) Record?
- How do I add my CAA Records?
- How do I edit an existing CAA Record?
What is a CAA Record?
Certification Authority Authorization (CAA) Records are a type of Advanced DNS record that control which Certificate Authorities (CAs) are allowed to issue SSL certificates for your domain. CAA Records help prevent unauthorized certificate issuance and improve your domain’s security. CAA Records consist of the Host Name, Flag, Tag, Value, and the TTL.
Host Name
This is the name of the record. Your domain name will automatically be appended to the end (example: if you enter “@” it will be replaced with the root domain, such as “rebelexample.com”). You may also create CAA records for subdomains if needed.
Flag
This is typically set to 0. It indicates whether the rule is critical. In most standard configurations, this value remains 0.
Tag
This specifies the type of authorization being granted. Common tags include:
- issue (authorizes a CA to issue standard SSL certificates)
- issuewild (authorizes a CA to issue wildcard certificates)
- iodef (provides an email address for certificate-related reports)
Value
This is the Certificate Authority being authorized (for example, letsencrypt.org or digicert.com). The value must be entered exactly as provided by your certificate provider.
TTL (Time To Live)
The TTL sets the amount of time in seconds for the record to stay cached before retrieving it again. The default TTL is 3600, which is approximately one hour. Lowering the TTL of a new record will not decrease the amount of time it takes for the record to update.
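How a Certificate Authority evaluates the Flag, Tag, and Value fields described above, as an added example (not Rebel's code): it applies the RFC 8659 rules to constructed sample records and goes beyond the article by showing how subdomains inherit the parent domain's CAA records. The function names, sample records, and the mailto address are assumptions made for illustration.

```python
# Added example: CAA evaluation over constructed records, following RFC 8659.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

# Constructed sample data: (host, flag, tag, value) as entered in the DNS form.
RECORDS = [
    ("rebelexample.com", 0, "issue", "letsencrypt.org"),
    ("rebelexample.com", 0, "issuewild", "digicert.com"),
    ("rebelexample.com", 0, "iodef", "mailto:security@rebelexample.com"),
    ("shop.rebelexample.com", 0, "issue", "digicert.com"),
    ("locked.rebelexample.com", 0, "issue", ";"),
]


def relevant_set(name, records):
    """Climb from the requested name toward the root; the first name
    that has any CAA records supplies the set that applies."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        found = [r for r in records if r[0].lower() == candidate]
        if found:
            return found
    return []


def ca_may_issue(name, ca, records=RECORDS):
    """Return True if `ca` may issue for `name` (which may start with '*.')."""
    wildcard = name.startswith("*.")
    rrset = relevant_set(name[2:] if wildcard else name, records)
    # An unrecognized tag with the critical bit (128) set blocks issuance.
    if any(flag & 128 and tag.lower() not in KNOWN_TAGS
           for _, flag, tag, _ in rrset):
        return False
    issue = [v for _, _, t, v in rrset if t.lower() == "issue"]
    issuewild = [v for _, _, t, v in rrset if t.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    values = issuewild if (wildcard and issuewild) else issue
    if not values:
        return True  # no CAA records, or only iodef: issuance is unrestricted
    # Text after ';' is a parameter list; a bare ';' authorizes no CA at all.
    allowed = {v.split(";", 1)[0].strip().lower() for v in values}
    return ca.lower() in allowed
```

With the sample records, `www.rebelexample.com` has no CAA records of its own, so the root domain's `issue` record decides which CA may issue for it.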
How do I add my CAA Records?
| Note: Any changes that you make to your Advanced DNS settings can interrupt your service. If you are not an advanced user, we strongly recommend that you not change these settings without consulting our support department. |
Step 1.
Log in to your Rebel account, then select "Products" in the top-left corner. In the top toolbar, select "Domains".
Step 2.
Select “Manage” on the right-hand side of the domain you’d like to edit the DNS for.
Step 3.
On the domain editing page, select the "DNS" tab in the upper left.
Step 4.
Scroll down to Manage Advanced DNS Records and click on "Advanced DNS Settings".
| Important: If the Nameserver Information section shows your domain as set to Use Third Party Hosting, the Advanced DNS will only be accessible with your hosting provider. Advanced DNS records live on nameservers. You will only be able to access the Advanced DNS from within your Rebel account if the name server information for your domain is currently set to Park with Rebel, Forward Domain, or Host with Rebel. |
Step 5.
To add a CAA record, click the "Add Record" button in the upper right.
Step 6.
Click the drop-down and set the Record Type as "CAA".
Step 7.
With the Record Type set to CAA, fill in:
- Host
- Flag
- Tag
- Points to
You are able to leave the TTL as the default number; the rest of the information will be provided by your hosting service provider.
Once you are finished filling in the fields, you are able to click "Save" at the bottom.
Edit an existing CAA record:
Click the "Edit" button to the right of the record, then update the Host and/or Points To field as instructed by your hosting service provider.
Once finished adding the necessary information, you can click "Update Record".
| Note: If your domain was already set to Park with Rebel, Forward Domain, or Host with Rebel, these records should take about 1 hour to propagate. If your domain was previously set to Use Third Party Hosting, updates can take up to 24-48 hours to propagate worldwide, though we find it's typically much closer to 6-12 hours. |