LemonadeLXP

The CAA record is a type of DNS record used to provide additional confirmation for the Certification Authority (CA) when validating an SSL certificate. This record allows you to specify which certification authorities are authorized to deliver SSL certificates for your domain. <a href="https://tools.ietf.org/html/rfc6844" rel="nofollow noopener noreferrer" target="_blank">See the RFC here</a>.

Any CAA records added to a parent zone (e.g., financial.com) will be inherited by subdomains (e.g., lemonade.financial.com).  Adding a record to the parent, can quickly break things for its children.

Cloudflare uses specific issuers to issue its auto-renewing certificates.  If you add CAA records that do not include Cloudflare's issuers, you will prevent Cloudflare from issuing SSL.  The result of this, is SSL expiry (downtime) that LemonadeLXP is powerless to resolve.

What CAA records do I need to add, to ensure that Cloudflare can continue issuing SSL certificates for me?

 Please <a href="https://developers.cloudflare.com/ssl/edge-certificates/custom-certificates/caa-records/#caa-records-added-by-cloudflare" rel="nofollow noopener noreferrer" target="_blank">see this article</a>  (maintained by Cloudflare) for the most recent list of SSL issuers.

Be careful of the impact of adding CAA records to your DNS zone files!

CAA Records and Cloudflare

LLXP Digital Academy

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you

What are CAA records?

What's the Risk of adding CAA records?

What CAA records do I need to add, to ensure that Cloudflare can continue issuing SSL certificates for me?