Cloudflare’s support for DNS Certificate Authority Authorization (CAA) records is now live.
Step 1 - Log in to the Cloudflare dashboard and click on the DNS tab.
Step 2 - Add CAA records for each Certificate Authority you wish to authorize
Change the new record select box to ‘CAA’, type in your domain in the first box (here: upinatoms.com), and tab to the next box to pop up the modal shown below.
Leave the “Allow wildcards and specific hosts” dropdown selected for tag and enter the desired CA, e.g., “comodoca.com” in the value box then hit Save. After hitting Save you must also click Add Record.
If you wish to continue to use Universal SSL, you must repeat this process for each Universal SSL CA: comodoca.com, digicert.com, and globalsign.com.
Step 3 - Review the added records for accuracy
Here are records that match sample support ticket #1 from above.