Skip to main content

CAA Records, short of Certificate Authority Authorization, is the record that specifies which (CA) Certificate Authorities can issue SSL certificates for a domain name.


Important: For your records to work, your Name Servers should be set to one of the following two options, which determine where you should add the DNS Records:

  • ns3.epik.com/ns4.epik.com – DNS is managed on Epik.com Dashboard
  • host11.epik.com/host12.epik.com – DNS is managed on cPanel

The numbers may vary on the hosting name servers depending on your hosting plan. This information is emailed to you when you first purchase a plan.

If you have a third-party name servers, the DNS Records should be added on that provider’s end.


Characteristics of the CAA Records

The CAA Records have two fields that are unique to them – the flags and the tags:

Flags

The flags determine how the CAA record is interpreted, and can be in two default states:

  • 1 (critical) – The CA can’t use the record if it doesn’t understand the properties of the record, and won’t proceed to evaluating another records in the zone.
  • 0 (non-critical) – The CA can use the records regardless if it understands it. If it’s not valid, it can proceed with evaluating other records in the zone.

Tags

The tags determine which actions the Certificate Authority can make when issuing the certificates. There are three of these tags, and they have the following functions:

  • issue – Authorizes the CA to issue non-wildcard certificates for the root domain and any subdomain.
  • issuewild – Authorizes the CA to issue wildcard certificates for the root domain.
  • iodef (Incident Object Description Exchange Format) – Provides the domain registrant the ability to receive information in case of SSL failure or other certificate related issues.

Editing CAA Records in the Epik Dashboard

1. Navigate to your Domain Portfolio.

2. Locate your domain and select it. You can click on the options square menu to reveal the Set DNS Host Records options, or the same option by click DNS & WHOIS in the black top navigation menu.

3. You’ll reach the options page, where you can choose CAA Records (CAA) to edit them.

4. When set up, click Save Changes.

Editing CAA Records in cPanel

First, log in to your hosting plan’s cPanel – you can check out this guide to learn how to access it directly.

1. Inside cPanel, navigate to Zone Editor, under the Domains section.

2. Once inside the Zone Editor page, click Manage next to the domain options to see the full list of records.

3. Here you can click + Add Record to add a completely new record by type and choose CAA Record. If you already added one, you can use the filters to find it and click Edit to change it.

4. When ready, click Save Record or Save All Records.