How to fix DNS CAA issue on SSL Certificate (https)

0

DNS Certification Authority Authorization (CAA) is SSL security policy which allows a domain name owner to indicate which Certificate Authorities (CAs) are permitted to issue certificates. If You run the SSL Labs Analyzer on your domain name, and you will get a DNS CAA Issue. This issue will decrease your SSL certificate trust and also you can see a negative impact on your site. So If  You want to fix DNS CAA issue & want to A+ report that just read this simple article.

Certificate Authority Authorization (CAA) is a way for your domain to whitelist the CAs you are actually using so you can minimize your risk from security vulnerabilities in all the others.

After solving this issue

  • Increase SSL trusted level
  • SSL will work perfectly
  • Traffic also increase

Before the start, you should test your site SSL. To find out your site have or not DNS CAA issue, just run a test here:

https://www.ssllabs.com/ssltest/analyze.html?d=domain.com&latest

if your site has the DNS CAA problem then it will show like this:

fix DNS CAA issue on SSL
fix DNS CAA issue on SSL

How to fix DNS CAA issue

DNS CAA issue is very easy to solve. Just You need to add a CAA Entry in your domain DNS. But before, You must know about your SSL certificate provider. we got our SSL certificates free from Letsencrypt.

The blog you currently read is hosted on DigitalOcean. and the domain is from Godaddy

So, I’ll explain to you how to enable your CAA DNS setting based on these prerequisites.  The procedure is the same for any other SSL seller and DNS service.

Read More for SSL( https) errors and how to solve it

How To Setup SSL And HTTPS in WordPress Blog or Site

Top Free SSL Certificate Providers Trusted By Most Browsers

 

Step 1 — Find CAA Record Creation Page

Goto your domain name provider, log in to the site and goto to DNS management and create a CAA record

Step 2 — Create CAA Record

→Letsencrypt SSL User

If you are using Letsencrypt. then you should enter this record type

  1. HOSTNAME
    To apply this record to the entire domain, type. @
  2. Value
    Here, Enter the value of the CAs you would like to enable for letsencrypt letsencrypt.org ( Note: For the Certificate Authority, you enter the domain like comodoca.org and Tag will be issuewild )
  3. TAG
    Type Issue if you want to enable Wildcard certificates for this domain
  4. FLAGS
    We’ll accept the default of 0.
  5. TTL (SECONDS)
    Leave a default of 1 hour or 3600

See The screenshot below:

entry dns caa record

then click on Save and you are done.

Now you can check your

Cloudflare SSL user

Cloudflare SSL user no need to add any type of DNS CAA value because it is auto set on your domain name.

Conclusion

In this tutorial, you can easily fix your DNS CAA issues and also it will help to increase you ssllab test rating. So If you have more issue with SSL certificate just comment here I will try to solve your problem. Please share and comment. hope it will help you.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.