Domain's CAA record (Couldn't find a CAA record)

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output: Couldn't find a CAA record

My web server is (include version): nginx version: nginx/1.15.8

The operating system my web server runs on is (include version): Ubuntu 18.04.2

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

If you didn't set caa then it's normal to not have caa and it means every CA are allowed to sign certificates for that name? Did you expect to have caa on your domain?

1 Like

Hello, i need to set caa due to some testing its found some Vulnerability )Missing Certificate Authority Authorization rule), could you please help me out in this case.

1 Like

have any idea about this topic, if any please help me out.

Are you just looking for instructions on setting up a CAA for your domain? It's not required, but it helps ensure that only the CAs that you intend to issue certificates for your domain actually do so.

I'd suggest starting with Let's Encrypt's documentation:

It links to some information from SSLMate, which includes information on DNS providers that support it and a tool to help generate the record with the criteria you want:

And then if after reading those you have some specific question let us know.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.