DNS Certification Authority Authorization (CAA) is an SSL security policy that allows a domain name owner to indicate which Certificate Authorities (CAs) are permitted to issue certificates. If you run the SSL Labs Analyzer on your domain name, you will get a DNS CAA issue. This issue will decrease your SSL certificate trust, and you can also see a negative impact on your site. So if you want to fix the DNS CAA issue and get an A+ report, just read this simple article.
Certificate Authority Authorization (CAA) is a way for your domain to whitelist the CAs you are actually using so you can minimize your risk from security vulnerabilities in all the others.
After solving this issue:
- The SSL trust level increases
- SSL will work perfectly
- Traffic also increases
Before you start, you should test your site's SSL. To find out whether your site has the DNS CAA issue, just run a test here:
https://www.ssllabs.com/ssltest/analyze.html?d=domain.com&latest
If your site has the DNS CAA problem, it will show like this:
How to fix DNS CAA issue
The DNS CAA issue is very easy to solve. You just need to add a CAA entry in your domain's DNS. But first, you must know who your SSL certificate provider is. We got our SSL certificates free from Let’s Encrypt.
The blog you are currently reading is hosted on DigitalOcean, and the domain is from GoDaddy.
So, I’ll explain how to enable your CAA DNS setting based on these prerequisites. The procedure is the same for any other SSL seller and DNS service.
Step 1 — Find CAA Record Creation Page
Go to your domain name provider, log in to the site, go to DNS management and create a CAA record.
Step 2 — Create CAA Record
→ Let’s Encrypt SSL user
If you are using Let’s Encrypt, you should enter this record:
- HOSTNAME: To apply this record to the entire domain, type @.
- VALUE: Here, enter the value of the CA you would like to enable; for Let’s Encrypt, that is letsencrypt.org. (Note: for the Certificate Authority, you enter its domain, like comodoca.org, and the tag will be issuewild.)
- TAG: Type issue if you want to enable wildcard certificates for this domain.
- FLAGS: We’ll accept the default of 0.
- TTL (SECONDS): Leave the default of 1 hour, or 3600.
See the screenshot below:
Then click on Save and you are done.
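As an added example (not part of the original tutorial), the Python below parses the Step 2 record in zone-file form and applies the RFC 8659 rules for the issue and issuewild tags to decide whether a CA may issue a normal or a wildcard certificate. The domains example.com and wild.example are constructed placeholders, and the check looks only at a domain's own CAA records, leaving out parent-domain lookup and the critical flag.

```python
import shlex

# Constructed sample records in zone-file form, built from the Step 2 fields:
# host @ (the domain itself), TTL 3600, flags 0, tag, value.
# example.com and wild.example are placeholder domains, not from the tutorial.
SAMPLE_ZONE = '''
example.com.  3600 IN CAA 0 issue "letsencrypt.org"
wild.example. 3600 IN CAA 0 issue "letsencrypt.org"
wild.example. 3600 IN CAA 0 issuewild ";"
'''


def parse_caa(zone_text):
    """Return {owner: [(flags, tag, value), ...]} for the CAA lines in zone_text."""
    records = {}
    for line in zone_text.splitlines():
        fields = shlex.split(line)  # also strips the quotes around the value
        if len(fields) != 7 or fields[3].upper() != "CAA":
            continue
        owner, _ttl, _cls, _type, flags, tag, value = fields
        key = owner.rstrip(".").lower()
        records.setdefault(key, []).append((int(flags), tag.lower(), value))
    return records


def ca_allowed(rrset, ca_domain, wildcard=False):
    """Apply the RFC 8659 issue/issuewild rules to one domain's CAA records."""
    issue = [v for _, t, v in rrset if t == "issue"]
    issuewild = [v for _, t, v in rrset if t == "issuewild"]
    # For a wildcard request, issuewild records replace issue records if present.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no relevant record: CAA places no restriction
    # The CA's domain is the text before any ";" parameters; empty means no CA.
    allowed = {v.split(";")[0].strip().lower() for v in relevant}
    return ca_domain.lower() in allowed


if __name__ == "__main__":
    for name, rrset in parse_caa(SAMPLE_ZONE).items():
        for wc in (False, True):
            ok = ca_allowed(rrset, "letsencrypt.org", wildcard=wc)
            print(f"{name} wildcard={wc}: letsencrypt.org allowed={ok}")
```

With only an issue record, the named CA may issue both normal and wildcard certificates; adding issuewild ";" keeps normal issuance but blocks wildcards from every CA.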
Now you can check your
Cloudflare SSL user
Cloudflare SSL users do not need to add any type of DNS CAA value because it is set automatically on your domain name.
Conclusion
With this tutorial, you can easily fix your DNS CAA issues, and it will also help to increase your SSL Labs test rating. If you have more issues with your SSL certificate, just comment here and I will try to solve your problem. Please share and comment. I hope it helps you.