CAA records and SSL digital certificate

If you already have a CAA record on your domain name, add our certificate authority to your record.

What is CAA

CAA is a type of DNS record that allows site owners to specify which Certificate Authorities (CAs) are allowed to issue certificates containing their domain names. It was standardized in 2013 by RFC 6844 to allow a CA to “reduce the risk of unintended certificate mis-issue.” By default, every public CA is allowed to issue certificates for any domain name in the public DNS, provided they validate control of that domain name. That means that if there’s a bug in any one of the many public CAs’ validation processes, every domain name is potentially affected. CAA provides a way for domain holders to reduce that risk.

---- Certificate Authority Authorization (CAA)

Confirm CAA is enabled on your domain name.

1. Ask your certificate provider, access the control panel, or run the dig command to check whether your domain name has a CAA record

A. Use the dig command

Run the following dig command to check whether a CAA record is enabled:

dig YOUR-DOMAIN-NAME CAA +short

B. Use Google Admin Toolbox

https://toolbox.googleapps.com/apps/dig/#CAA/

If CAA is enabled, some records will be returned.
Go to "2. Add CAA records to DNS provider"

dig example.com CAA +short

0 issue "letsencrypt.org"
0 issuewild "comodoca.com"
0 issuewild "digicert.com"
0 issuewild "digicert.com; cansignhttpexchanges=yes"
0 issuewild "letsencrypt.org"
0 issue "comodoca.com"
0 issue "digicert.com"
0 issue "digicert.com; cansignhttpexchanges=yes"

 

If CAA is disabled, no records will be returned.

dig example.com CAA +short

If no CAA records are returned, go back to "5. Assigning an SSL Certificate to your AMIMOTO Managed Hosting Server" to complete the steps.

 

2. Add CAA records in your DNS provider's control panel

Add a CAA record to your domain name that names one of the following certificate authority domains

amazon.com
amazontrust.com
awstrust.com
amazonaws.com
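
To check the dig output from step 1 against the four domains above, the following added example (not AMIMOTO's or AWS's own tooling) reports whether the existing CAA records already permit an Amazon CA. The function name `caa_status` and the sample records are constructed for illustration; the script assumes quoted values as printed by `dig +short`, ignores the critical flag, and does not look up the parent domain when a name has no CAA records of its own.

```shell
#!/bin/sh
# Amazon CA domains listed on this page.
AMAZON_CAS="amazon.com amazontrust.com awstrust.com amazonaws.com"

# caa_status KIND   (KIND: issue = example.com, issuewild = *.example.com)
# Reads `dig DOMAIN CAA +short` output on stdin and prints one of:
#   unrestricted  no record restricts this kind of issuance
#   allowed       an Amazon CA is named in the applicable records
#   blocked       restricting records exist, none names an Amazon CA
caa_status() {
  awk -v kind="$1" -v cas="$AMAZON_CAS" '
    BEGIN { n = split(cas, l, " "); for (i = 1; i <= n; i++) amazon[l[i]] = 1 }
    NF >= 3 {
      tag = tolower($2)
      if (tag != "issue" && tag != "issuewild") next  # iodef etc. do not restrict
      val = $0
      sub(/^[^"]*"/, "", val); sub(/".*$/, "", val)   # keep the quoted value
      sub(/;.*$/, "", val); gsub(/[ \t]/, "", val)    # drop parameters after ";"
      seen[tag] = 1
      if (tolower(val) in amazon) ok[tag] = 1
    }
    END {
      # Wildcard requests use issuewild when present, otherwise fall back to issue.
      use = (kind == "issuewild" && seen["issuewild"]) ? "issuewild" : "issue"
      if (!seen[use]) print "unrestricted"
      else if (ok[use]) print "allowed"
      else print "blocked"
    }'
}

# Constructed sample: the record set shown in step 1, which names no Amazon CA.
BEFORE='0 issue "letsencrypt.org"
0 issuewild "comodoca.com"
0 issuewild "digicert.com; cansignhttpexchanges=yes"
0 issue "digicert.com"'

# Constructed sample: the same set after adding amazon.com as an issue record.
AFTER="$BEFORE
0 issue \"amazon.com\""

echo "before, example.com:   $(printf '%s\n' "$BEFORE" | caa_status issue)"
echo "after,  example.com:   $(printf '%s\n' "$AFTER" | caa_status issue)"
echo "after,  *.example.com: $(printf '%s\n' "$AFTER" | caa_status issuewild)"
# Live check: dig example.com CAA +short | caa_status issue
```

In the last case the wildcard stays blocked because issuewild records exist and none of them names an Amazon CA, so a wildcard certificate needs its own issuewild entry.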

 

Here are some samples for setting up CAA records for DNS providers.

 

Cloudflare
1. Add amazon.com for example.com

2. Add amazon.com for www.example.com

 
GoDaddy

1. Add amazontrust.com for example.com

2. Add amazontrust.com for www.example.com

 
Route 53
1. Add amazonaws.com for example.com

2. Add amazonaws.com for www.example.com

3. Go to "5. Assigning an SSL Certificate to your AMIMOTO Managed Hosting Server" to complete the Setting up Custom Domain steps.