Create CAA DNS record

Hi,

I use Crazy Domains as my domain name provider, and I wish to set up CAA.

I am using a premium DNS account which does not include the CAA record as part of the configuration options. But when I check https://sslmate.com/caa/support it states that Crazy Domains supports CAA.

I contacted CD and they advised: "However, you need to verify Let’s Encrypt what exactly the correct records to input to make it work. This is to avoid any error and to save us time. However, if you are looking for adding a CAA record only, this is not available. We all know that Let’s Encrypt is a Certificate Authority that can provide an SSL Certificate. If you already have the SSL Certificate with you, you can send it to us and we will escalate it to our SSL Team for installation. "

I understand I can’t just use a TXT record, like: _caa.mydomain.org > 0 issue “letsencrypt.org

I’m not sure how sending my certificate helps (and that sounds unsecure)…

I’m confused as to whether or not I can implement CAA with Crazy Domains…

Can anyone suggest a way forward?

Thanks very much

Hi @castletonroad

ask Crazy Domains how to do that.

But you don't need a CAA record to create a Letsencrypt certificate. These are different things.

Looks like the list of Sslmate is incomplete, if you don't see that option. That may happen.

PS: Your link doesn't work.

PPS: If your "premium DNS account" doesn't allow that, you can't create a CAA entry.

Certificates (without the private key!) are publically available (heck, it's send to the browser every time a client connects to your webserver), so there's no unsecure thing in sending just the certificate. I'm guessing they'd use it to "extract" the certificate authority to perhaps generate the CAA record contents for you?

This is a rather strange answer. Their own site (assuming I've got the correct Crazy Domains) tells otherwise: https://www.crazydomains.com.au/help/how-do-i-create-update-a-caa-record/

With SSLMate you can generate a CAA record for Let's Encrypt: CAA Record Generator

Only $29.00/yr

MADNESS.

Switch providers, please. Cloudflare should be fine.

According to SSLMate (Who Supports CAA Records?) CloudFlares CAA support is broken :stuck_out_tongue:

Doh!

Which one do we suggest? :smiley:

As someone who’s still sticking with an overpriced DNS provider without any good reason myself, I have no clue…

Well, my registrar has a pretty good dns included. (they just don’t play nice with outgoing axfr)

Cloudflare fixed that a long time ago -- it was a pretty scary bug.

Ah.. Who tells SSLMate? :stuck_out_tongue:

@JuergenAuer
Thanks very much for clarifying (your last point, PPS) - this is what I thought.

(I have SSL set up fine, just wanted to add a CAA record.)

Cloudflare going to give me a domain name, too? And for less than $29/yr?

There's no reason they'd need to; your DNS host and your registrar don't have to be the same people. But for many TLDs, yes, they can act as registrar as well; for my .com domains, they charge $8.03/year. DNS is free.

No, but they have free services, and there are a lot of registrars that are probably cheaper (even though .au is kinda expensive)

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.