Domain Providers and CAA

In this article:

Detect Security Vulnerabilities in Your Web Apps and APIs
Scan now for free

Certificate Authorities are not the Problem.

To increase internet SSL/TLS encryption security, website administrators can set Certificate Authority Authorization (CAA) records. These DNS records determine which certificate authority (CA) is allowed to issue certificates for this domain. Since September 8th, CAs must check the existence of an ACC record and comply with its content.

There are still some problems, such as CAs that do not check the CAA records at all. However, this is not the biggest issue: Many domain providers have not yet updated their software to set CAA records. Therefore administrators cannot set the CAA records.

Security is importnt

How can I set CAA records?

To increase your website’s security, go to your DNS provider’s configuration website and choose to create a new CAA record. For example, to only allow letsencrypt to issue certificates for your domain, use the following record:

Name          Type Value  Value  CAA         0 issue ""

Verify the record

To verify whether the CAA record is set correctly, you can use our free web application security scanner. It will show you the following message in case the CAA record is not set:

1 UZU lSyuP JMQK1laQJ4QA Domain Providers and CAA

Get a quick security audit of your website for free now

We are analyzing
Scanning target
Scan status: In progress
Scan target:
Date: 23/03/2023
Crashtest Security Suite will be checking for:
Information disclosure Known vulnerabilities SSL misconfiguration Open ports
Complete your scan request
Please fill in your details receive the
quick security audit by email.
Security specialist is analyzing your scan report.
То verify your identity please provide your phone/mobile:
Thank you.
We have received your request.
As soon as your security audit is ready, we will notify you.