I received a CAA DNS error when installing my Let's Encrypt SSL certificate
CAA (Certificate Authority Authorization) is a type of DNS record that allows domain owners to specify which Certificate Authorities (CAs) are permitted to issue SSL certificates for their domain. If your domain uses third-party DNS that doesn’t have CAA records properly configured, the Let’s Encrypt validation will fail and your SSL certificate won’t be installed.
How to fix this
Since this error is caused by DNS configuration outside of Hawk Host’s control, you will need to contact your third-party DNS provider and ask them to add the correct CAA record for your domain.
To allow Let’s Encrypt to issue certificates for your domain, add the following CAA record:
    yourdomain.com. IN CAA 0 issue "letsencrypt.org"
Replace yourdomain.com with your actual domain name.
If you also want to allow wildcard certificates:
    yourdomain.com. IN CAA 0 issuewild "letsencrypt.org"
Using Hawk Host DNS
If your domain uses Hawk Host’s nameservers for DNS, CAA records are handled automatically and you shouldn’t encounter this error. If you do, contact our support team for assistance.
More information
You can read more about Let’s Encrypt and CAA records in the Let’s Encrypt CAA documentation.
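To confirm what your DNS provider is publishing for the CAA records described under "How to fix this", the following added example (not Hawk Host or Let's Encrypt code) evaluates the output of `dig +short CAA yourdomain.com` using the RFC 8659 rules for the issue and issuewild tags. It assumes the text passed in is the record set that applies to the domain, ignores any parameters after a ";" in the value, and uses the constructed CA name other-ca.example in its sample.

```python
import re

# One line of `dig +short CAA <domain>` output: flags, tag, quoted value.
CAA_LINE = re.compile(r'^\s*(\d+)\s+(\S+)\s+"([^"]*)"\s*$')

def parse_caa(text):
    """Return (flags, tag, value) tuples parsed from dig +short output."""
    records = []
    for line in text.splitlines():
        m = CAA_LINE.match(line)
        if m:
            records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records

def issuer(value):
    """Issuer domain without parameters: 'letsencrypt.org; k=v' -> 'letsencrypt.org'."""
    return value.split(";", 1)[0].strip().lower()

def ca_allowed(records, ca="letsencrypt.org", wildcard=False):
    """True if this record set lets `ca` issue (RFC 8659 issue/issuewild rules)."""
    issue = [issuer(v) for _, tag, v in records if tag == "issue"]
    issuewild = [issuer(v) for _, tag, v in records if tag == "issuewild"]
    # Wildcard requests use issuewild records when any exist; otherwise the
    # issue records apply. Non-wildcard requests ignore issuewild entirely.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no applicable restriction: any CA may issue
    # A value of ";" parses to an empty issuer, which matches no CA.
    return ca in relevant

# Constructed sample: only another CA is authorized for normal certificates,
# while Let's Encrypt is authorized for wildcard certificates.
SAMPLE = '0 issue "other-ca.example"\n0 issuewild "letsencrypt.org"\n'

if __name__ == "__main__":
    recs = parse_caa(SAMPLE)
    print("regular certificate allowed: ", ca_allowed(recs))
    print("wildcard certificate allowed:", ca_allowed(recs, wildcard=True))
```

If the regular-certificate check is False for your real records, that record set is what your DNS provider needs to correct.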