FAQ content

What happens when a CAA record is present for my custom domain name?

In this article

A Certificate Authority Authorization (CAA) record establishes which certificate authorities are allowed to issue certificates for your domain. This is a normal record for IT departments to put into place; it controls who is (and isn't) allowed to get security certificates for subdomains (e.g., library.institution.org) under your main domain (e.g., institution.org.).

The only time that this is a problem for Springy customers is when you have a custom domain (e.g., libcal.institution.org, but NOT institution.libcal.com) and you would like for us to issue and manage its security certificate. We use a free service called Let's Encrypt for security certificates.

Use this tool to determine if a CAA record is preventing us from requesting or renewing a Let's Encrypt security certificate for you. If there is no record found, no problem! We'll be able to request and renew certificates for you. If there is a record in place, and you do not see a line referring to letsencrypt.org, please contact your IT folks (if that's not you).

If your current CAA setting does not allow for certificates to be issued by Let's Encrypt, but you wish to configure this, then you must add the following lines to it (substituting your site's real domain name for "yourdomain.edu"):

yourdomain.edu.      21599   IN  CAA 0 issue "letsencrypt.org"
yourdomain.edu.      21599   IN  CAA 0 issuewild "letsencrypt.org"