CAA Enabled Domain

If your domain has CAA protection enabled, this limits who is able to create SSL certificates for it.

At SPP, we use CloudFlare, which will use one of three Certificate Authorities to create an SSL certificate for your custom subdomain.

Please make sure your domain has the following CAA records (note that some may already be present):

• Record 1 (allows Let's Encrypt):

  • Type: CAA

  • Flag: 0

  • Tag: issue

  • Value: letsencrypt.org

  • TTL: automatic

• Record 2 (allows Sectigo):

  • Type: CAA

  • Flag: 0

  • Tag: issue

  • Value: sectigo.com

  • TTL: automatic

• Record 3 (allows Google Trust Services):

  • Type: CAA

  • Flag: 0

  • Tag: issue

  • Value: pki.goog; cansignhttpexchanges=yes

  • TTL: automatic