As of September 8, 2017, Certificate Authorities (CAs) are required to check the Certificate Authority Authorization (CAA) record in the DNS when issuing a certificate. Although it is not mandatory for domain owners to include such a record, we apply this additional security mechanism by default to ensure the security of our customers.
What is a CAA record?
A CAA record is a special type of DNS record that allows you to specify which CAs are allowed to issue an SSL certificate for your domain. This ensures that no unauthorized certificates are issued by any CA.
Imagine a third party, such as a government agency, tries to obtain an SSL certificate for your domain without your permission. Because you have published a CAA record, the CA checks whether it is authorized to issue a certificate for your domain.
CAA record for LinQhost
The CAA record for www.linqhost.nl looks like this:
[local@localhost ~]$ dig +noall +answer linqhost.nl CAA
linqhost.nl. 10663 IN CAA 0 iodef "mailto:sslmaster@linqhost.net"
linqhost.nl. 10663 IN CAA 0 issue "comodoca.com"
With this record we indicate that SSL certificates for linqhost.nl may only be issued by Comodo. If you have an older version of the dig command that does not recognize the CAA type, the above command may return an A record instead.
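To audit what a record set like the one above actually permits, the following added example (not LinQhost's own tooling) parses `dig +noall +answer` output and evaluates whether a given CA identifier may issue. It goes slightly beyond the case shown by also handling wildcard requests, `issue ";"` and critical unknown tags as described in RFC 8659. The names `parse_caa`, `may_issue` and the identifier `other-ca.example` are assumptions made for illustration, and the record set passed in is assumed to be the one that applies to the name being checked.

```python
import shlex

# The two answer lines shown on this page, embedded so the example runs offline.
DIG_ANSWER = '''\
linqhost.nl. 10663 IN CAA 0 iodef "mailto:sslmaster@linqhost.net"
linqhost.nl. 10663 IN CAA 0 issue "comodoca.com"
'''

KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(dig_output):
    """Return (flags, tag, value) tuples for every CAA line in dig answer output."""
    records = []
    for line in dig_output.splitlines():
        fields = shlex.split(line)  # shlex removes the quotes around the value
        if len(fields) >= 7 and fields[3].upper() == "CAA":
            records.append((int(fields[4]), fields[5].lower(), fields[6]))
    return records


def may_issue(records, ca_domain, wildcard=False):
    """Return True if ca_domain (hypothetical CA identifier) may issue."""
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag not in KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # only iodef or nothing published: CAA does not restrict
    # Value is "<issuer-domain>[; parameters]"; a bare ";" authorizes no CA.
    allowed = {v.split(";", 1)[0].strip().lower() for v in relevant}
    return ca_domain.lower() in allowed


if __name__ == "__main__":
    recs = parse_caa(DIG_ANSWER)
    for ca in ("comodoca.com", "other-ca.example"):  # second value is constructed
        print(ca, "may issue:", may_issue(recs, ca))
```

The `iodef` line does not restrict issuance; it only tells CAs where to report certificate requests that violate the policy.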
When does the CAA record become active?
As of September 8, 2017, we will add a CAA record to new SSL certificate issuances by default. For existing SSL certificates, a CAA record will be added upon renewal, provided that the domain is hosted in our DNS and the SSL certificate is also purchased through us.
Update 07-09-2017: All existing domains with SSL certificates with us now also contain a CAA record.