Domains Help

Edit a CAA record

Edit an existing CAA record (Certification Authority Authorization record) if you need to change the details that specify which certificate authority (CA) is allowed to issue SSL certificates for the domain. CAA record details are typically available through your SSL provider.

  1. Sign in to your GoDaddy Domain Portfolio. (Need help logging in? Find your username or password.)
  2. Select an individual domain to access the Domain Settings page.
    select a single domain
  3. Select DNS to view your DNS records.
    select dns tab
  4. Select the checkboxes next to the DNS records you need to edit and then select Edit.
    • Select screenshot of the icon for editing a dns record Edit next to an individual record to edit a single record instead.
  5. Enter the details from your SSL provider for your CAA record.
    • Name: The domain or subdomain for the record. Enter @ to put the record on your root domain. The Name must follow these guidelines:
      • Periods (.) are allowed but not as the first or last character
      • Consecutive periods (…) are not allowed
      • Cannot begin or end with a hyphen (-)
      • 63 characters in a row not separated by a period (.)

        Example: 63characters.63characters.coolexample.com

      • 255 characters maximum
    • TTL (Time to Live): The amount of time the server should cache information before refreshing. The default setting is 1 hour.
    • Flag: Choose one of the available options.
      • 0: Used for standard CAA records, where the Tag is issue, issuewild, or iodef.
      • 128: Used for non-standard CAA records, where the Tag is not issue, issuewild, or iodef.
    • Tag: Choose one of the available options, or manually enter the Tag.
      • issue: Explicitly authorizes a single certificate authority to issue any type of certificate for the hostname (the value entered in the Name field).
      • issuewild: Explicitly authorizes a single certificate authority to issue only a wildcard certificate for the hostname (the value entered in the Name field).
      • iodef: Specifies a method that certificate authorities can use to report invalid certificate requests.
      • Manually enter the tag if the Flag is set to 128.
        • Tag can only consists of letters and numbers.
        • Tag should be all lower case, but isn't explicitly case-sensitive.
    • Domain: Based on the Tag type you selected, enter the corresponding certificate authority or URI. Enter a semicolon (;) to prevent any CA from issuing the corresponding certificate type.
      • issue or issuewild: Enter the certificate authority allowed to generate a certificate for this domain.
        Internal Only Content: GoDaddy can issue certificates on domains when the Domain field is entered as godaddy.com or starfieldtech.com.
      • iodef: Enter a full URI to specify the method certificate authorities can use to report invalid certificate requests, such as https://coolexample.com/path or mailto:jane@coolexample.com.
    • (Optional) Add Parameter: Select this option to enter additional specific parameters for your CAA record.
    • (Optional)CAA RDATA: Enter the full CAA record from your SSL provider and we'll fill in the individual fields automatically. Or, after you fill in the individual fields, we'll provide the full CAA record here for you to copy.
  6. (Optional) Select Add More Records to add multiple DNS records at the same time. If you change your mind, select screenshot of the icon for deleting a dns record Delete to remove any records that haven't been saved yet.
  7. Select Save to add your new record. If you added multiple records at the same time, select Save All Records.
    • If your domain has Domain Protection, you'll need to verify your identity. If you've had 2-step verification (2SV) turned on for at least 24 hours, enter the code we sent via SMS, or enter the code from your authenticator app. Otherwise, enter the one-time password we sent to your registrant email address.

Most DNS updates take effect within an hour but could take up to 48 hours to update globally.

Related steps

  • If there are no CAA records on your domain, any certificate authority is authorized to issue a certificate for the domain. Entering a single blank issue tag prevents all certificate authorities from issuing any certificates on your domain.
  • Delete an existing CAA record if you no longer need it.
  • Create a DNS template to quickly apply DNS records to your domains.

More info

Share this article