Domain not verified due to CAA
A Certification Authority Authorization (CAA) record is a DNS record that allows domain owners to specify which Certificate Authorities (CAs) are authorized to issue certificates for their domain. If your domain has a CAA record, it may require an extra step during the SSL certificate validation process.
How to Check Your CAA Record:
To determine if your domain has a CAA record, you can use the following tool: https://dnschecker.org/#CAA/
Resolving CAA Record Issues:
If you’re encountering issues related to CAA records when validating your SSL certificate, follow the detailed guide provided by AWS: https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-caa.html
Recommended CAA Records for AWS:
To avoid potential issues, you might need to add specific CAA records if you’re using AWS. Here are the recommended values, each added as its own CAA record at your DNS registrar:
- amazon.com
- amazontrust.com
- awstrust.com
- amazonaws.com
By adding these records, you authorize AWS services to request and renew SSL certificates for your domain, ensuring a smoother validation process.
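To see in advance whether an existing CAA policy would block validation, the check can be worked through offline. The following is an added example, not code from this page or from AWS: it applies the RFC 8659 lookup rules (climb toward the root, `issuewild` overrides `issue` for wildcard names), which goes beyond the single case described above. The `ZONE` data and all function names are constructed for illustration, and CNAME handling is not modelled.

```python
# Added example; ZONE is constructed sample data, not a live DNS lookup.
AMAZON_CA_VALUES = {"amazon.com", "amazontrust.com", "awstrust.com", "amazonaws.com"}

# Constructed `dig +short CAA <name>` output, keyed by the name queried.
ZONE = {
    "example.com": ['0 issue "letsencrypt.org"', '0 iodef "mailto:sec@example.com"'],
    "shop.example.net": ['0 issue "amazon.com"', '0 issuewild ";"'],
}

def parse_caa(line):
    """Parse one line such as '0 issue "amazon.com"' into (flags, tag, issuer)."""
    flags, tag, value = line.split(None, 2)
    # Drop the quotes and any ';'-separated parameters after the issuer domain.
    issuer = value.strip().strip('"').split(";", 1)[0].strip().lower()
    return int(flags), tag.lower(), issuer

def relevant_records(name, zone):
    """Climb from the name toward the root; the first non-empty CAA set applies."""
    labels = name.lower().rstrip(".").split(".")
    if labels[0] == "*":
        labels = labels[1:]
    for i in range(len(labels)):
        records = zone.get(".".join(labels[i:]), [])
        if records:
            return [parse_caa(r) for r in records]
    return []

def amazon_may_issue(name, zone):
    """True if the CAA policy covering `name` lets Amazon's CA issue for it."""
    records = relevant_records(name, zone)
    issue = [v for _, t, v in records if t == "issue"]
    wild = [v for _, t, v in records if t == "issuewild"]
    # For wildcard names, issuewild (when present) replaces issue entirely.
    allowed = wild if (name.startswith("*.") and wild) else issue
    if not allowed:
        return True  # no restricting property, so CAA does not limit issuance
    # An empty issuer (from `issue ";"`) matches nothing and forbids every CA.
    return any(v in AMAZON_CA_VALUES for v in allowed)

if __name__ == "__main__":
    for name in ("www.example.com", "shop.example.net",
                 "*.shop.example.net", "example.org"):
        verdict = "allowed" if amazon_may_issue(name, ZONE) else "blocked by CAA"
        print(f"{name}: {verdict}")
```

A "blocked by CAA" result for your own name means one of the values listed above has to be added at the level where the existing records live, which may be a parent domain rather than the name on the certificate.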