Featured
Cloud Spectator Cloud Storage Benchmark Report
Cloud Spectator
Benchmark Report
Cloud Block Storage
Access Report
Why Linode
Get to Know Us Better
Featured
Free Services from Linode Free Bundled Services
Free Bundled Services
Discover our no-cost security, networking,
maintenance, and monitoring solutions.
Learn More
View All Products
Compute
Storage
Databases
Services
Networking
Developer Tools
Featured
Dev Mukherjee
Dev Mukherjee
@ Anomaly
Innovation Down Under and Beyond:
From Virtualization to Electric Vehicles
Read Dev's Story
View All Solutions
Solutions
Featured
Cloud Pricing Calculator
Cloud Pricing Calculator
Estimate your cloud costs. Price and configure Linode features to match your needs.
Launch Calculator
Pricing
Free eBook
MSP ebook
The MSP's Guide
to Modern Cloud Infrastructure
Discover one of the best-kept secrets in building a scalable,
thriving, modern Managed Service Provider business.
Download
Community
Engage With Us

Add CAA Records in the Linode Cloud Manager

Updated , by Linode
Traducciones al Español
Estamos traduciendo nuestros guías y tutoriales al Español. Es posible que usted esté viendo una traducción generada automáticamente. Estamos trabajando con traductores profesionales para verificar las traducciones de nuestro sitio web. Este proyecto es un trabajo en curso.
Create a Linode account to try this guide with a $100 credit.
This credit will be applied to any valid services used during your first 60 days.

Certification Authority Authorization (CAA) is a type of DNS record that allows the owner of a domain to specify which certificate authority (or authorities) are allowed to issue SSL/TLS certificates for their domain(s). This quick answer shows you how to set up CAA records on your Linode.

Add a Single CAA Record

  1. Log in to the Linode Cloud Manager

  2. Select the Domains link in the sidebar.

  3. Select the domain you want to add the record to, or add a domain if you don’t already have one listed.

  4. Under the CAA Record section, select Add a CAA record. A form with the following fields will appear:

    Name: The subdomain you want the CAA record to cover. To apply it to your entire website (for example: example.com), leave this field blank. To limit the record’s application to a subdomain on your site, (for example: subdomain.example.com), enter the subdomain’s name into the form field (for example: subdomain).

    Tag:

    • issue - Authorize the certificate authority entered in the Value field further below to issue TLS certificates for your site.

    • issuewild - Same as above, with the exception that you were issued a wildcard certificate.

    • iodef - URL where your CA can report security policy violations to you concerning certificate issue requests.

    Value: If the issue or issuewild tag was selected above, then the Value field takes the domain of your certificate issuer (for example: letsencrypt.org). If the iodef tag was selected, the Value field takes a contact or submission URL (http or mailto).

    TTL (Time to Live): Time in seconds that your new CAA record will be cached by Linode’s name servers before being refreshed. The Default selection’s TTL is 300 seconds, which is fine for most cases. You can use the dig command to view the remaining time your DNS records will be cached until refreshed. Replace linode.com with your site’s domain or subdomain in the command below:

    root@debian:~# dig +nocmd +noall +answer example.com
example.com.     167 IN  A   203.0.113.1

  5. Click the Save button when finished. The CAA record should be fully propagated within the TTL duration.

Add Multiple CAA Records

Multiple CAA records must be added individually. If your site example.com was issued a TLS certificate by Let’s Encrypt, but your subdomain store.example.com uses a Symantec certificate, you would need two different CAA records. A reporting URL for the iodef tag would also need its own record. Those three would look something like this:

More Information

You may wish to consult the following resources for additional information on this topic. While these are provided in the hope that they will be useful, please note that we cannot vouch for the accuracy or timeliness of externally hosted materials.

This page was originally published on

linode platform cloud manager dns

Your Feedback Is Important

Let us know if this guide made it easy to get the answer you needed.

Join the conversation.
Read other comments or post your own below. Comments must be respectful, constructive, and relevant to the topic of the guide. Do not post external links or advertisements. Before posting, consider if your comment would be better addressed by contacting our Support team or asking on our Community Site.