Configuring CAA Records

Cloudflare’s support for DNS Certificate Authority Authorization (CAA) records is now live.  


Step 1 - Log in to the Cloudflare dashboard and click on the DNS tab.


Step 2 - Add CAA records for each Certificate Authority you wish to authorize


Change the new record select box to ‘CAA’, type in your domain in the first box (here:, and tab to the next box to pop up the modal shown below.


Leave the “Allow wildcards and specific hosts” dropdown selected for tag and enter the desired CA, e.g., “” in the value box then hit Save. After hitting Save you must also click Add Record.


If you wish to continue to use Universal SSL, you must repeat this process for each Universal SSL CA:,, and


Step 3 - Review the added records for accuracy

Here are records that match sample support ticket #1 from above. 


Still not finding what you need?

The Cloudflare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk