{"id":2607,"date":"2019-10-22T17:12:28","date_gmt":"2019-10-22T09:12:28","guid":{"rendered":"https:\/\/www.mondoze.com\/guide\/?post_type=kb&p=2607"},"modified":"2022-10-05T08:02:47","modified_gmt":"2022-10-05T00:02:47","slug":"configuring-caa-records","status":"publish","type":"kb","link":"https:\/\/www.mondoze.com\/guide\/kb\/configuring-caa-records","title":{"rendered":"HOW TO :Configuring CAA Records"},"content":{"rendered":"\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t
\n\t\t\t\t\t\t\t
\n\t\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t

How To Configure CAA Records<\/h2>\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t
\n\t\t\t\t

When using Universal SSL, do not configure CAA records<\/strong><\/h3>

When you enable Universal SSL and add CAA records via the Cloudflare\u00a0DNS<\/strong>\u00a0app, Cloudflare automatically adds three additional CAA DNS records for each of our Universal SSL CA providers (currently comodoca.com, digicert.com, and globalsign.com). \u00a0Cloudflare does not append additional CAA records if Universal SSL is disabled or if no CAA records are added via the\u00a0DNS<\/strong>\u00a0app.<\/p>

These CAA DNS records do not display in the Cloudflare dashboard\u00a0DNS<\/strong>\u00a0app. However, if you run \u00a0a command line query using\u00a0dig<\/em>, any existing CAA records will show, including the ones added by Cloudflare Universal SSL.<\/p>

If you don’t want or need Cloudflare Universal SSL, you can disable it in your Cloudflare\u00a0Crypto<\/strong>\u00a0settings. Disabling SSL automatically deletes the CAA DNS records for our official providers, mentioned above.<\/p>

Disabling Universal SSL leaves your Cloudflare-enabled DNS records without SSL support, unless you upload a custom SSL certificate (available for Cloudflare Business and Enterprise customers).<\/p>

When using your own certificate, configure your CAA records<\/strong><\/h3>

If you’re using your own origin server SSL certificate (that is, a certificate that was not provisioned by Cloudflare), you need to manually add a CAA DNS record for each Certificate Authority (CA) that you plan to use for your domain.<\/p>

Configuring\u00a0 only applies to certificates issued by a CA. You cannot add CAA records if you’re using a self-signed certificate in your origin web server.<\/p>

To add a CAA record:<\/p>

1. Log in to the Cloudflare dashboard.<\/p>

2. Ensure the website you want to update is selected.<\/p>

3. Click the\u00a0DNS<\/strong>\u00a0app.<\/p>

4. In the\u00a0DNS Records<\/strong>\u00a0panel, click the record type dropdown to select\u00a0CAA<\/em>.<\/p>

5. In the\u00a0Name<\/strong>\u00a0text box, type your domain.<\/p>

6. Then in the\u00a0Click to configure<\/strong>\u00a0text box, click to enter configuration details.<\/p>

\"\"<\/p>

7. In the\u00a0Add Record: CAA content\u00a0<\/strong>dialog, select a\u00a0Tag<\/strong>: either\u00a0Only allow specific hostnames<\/em>\u00a0or\u00a0Only allow wildcards<\/em>, as appropriate. The default tag is\u00a0Only allow specific hostnames<\/em>.<\/p>

8. For\u00a0Value<\/strong>, enter the CA name.<\/p>

9. Click\u00a0OK<\/strong>\u00a0to close the dialog.<\/p>

\"\"<\/p>

10. Back in the\u00a0DNS Records<\/strong>\u00a0panel, verify that the information you entered is correct and then, click\u00a0Add Record<\/strong>\u00a0to save your changes.<\/p>

You can repeat the steps above for each CA to associate with your domain. \u00a0Once you have finished creating all the records, you can review them in the list of records appearing under the\u00a0DNS Records<\/strong>\u00a0panel.<\/p>

A CA queries the authoritative DNS . \u00a0Therefore, CAA records added to the Cloudflare DNS<\/strong>\u00a0app for a domain on a CNAME setup are not used.<\/p>\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"

How To Configure CAA Records When using Universal SSL, do not configure CAA records When you enable Universal SSL and add CAA records via the Cloudflare\u00a0DNS\u00a0app, Cloudflare automatically adds three additional CAA DNS records for each of our Universal SSL CA providers (currently comodoca.com, digicert.com, and globalsign.com). \u00a0Cloudflare does not append additional CAA records if …<\/p>\n

HOW TO :Configuring CAA Records<\/span> Read More \u00bb<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-gradient":""}}},"kbtopic":[53],"kbtag":[110],"mkb_version":[],"_links":{"self":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb\/2607"}],"collection":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb"}],"about":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/types\/kb"}],"author":[{"embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/comments?post=2607"}],"version-history":[{"count":11,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb\/2607\/revisions"}],"predecessor-version":[{"id":18332,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kb\/2607\/revisions\/18332"}],"wp:attachment":[{"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/media?parent=2607"}],"wp:term":[{"taxonomy":"kbtopic","embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kbtopic?post=2607"},{"taxonomy":"kbtag","embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/kbtag?post=2607"},{"taxonomy":"mkb_version","embeddable":true,"href":"https:\/\/www.mondoze.com\/guide\/wp-json\/wp\/v2\/mkb_version?post=2607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}