CAA record presence
Check whether the domain publishes CAA records.
Check which certificate authorities are allowed to issue SSL certificates for your domain.
CAA records • SSL issuance • Certificate authority • issue tags • DNS lookup • No signup
One check reviews CAA records, allowed certificate authorities and SSL issuance policy.
Check whether the domain publishes CAA records.
Review which CAs are allowed to issue certificates for the domain.
Check issuewild rules for wildcard certificate issuance.
Find iodef reporting addresses for certificate issuance issues.
Review whether CAA policy may be inherited from parent domains.
Understand how CAA records help control certificate issuance.
Find certificate issuance policy signals that may affect SSL management.
Missing CAA records are common and not a certificate failure. Missing iodef or issuewild tags are informational — they do not mean your SSL certificate is invalid.
The checker reads DNS CAA records and explains SSL certificate issuance policy.
We clean the input, remove protocol or path, and validate the domain format.
The tool checks CAA records in DNS for your domain and parent policy where available.
See allowed certificate authorities, wildcard rules, reporting contacts and recommended improvements.
Allows a certificate authority to issue standard SSL certificates for the domain.
Controls which certificate authorities may issue wildcard certificates.
Defines where certificate authorities can send reports about issuance problems.
CAA flags can mark parts of the record as critical for certificate authorities.
CAA records control certificate issuance policy. They do not prove the currently installed SSL certificate is valid.
Checking CAA records…
Send us your domain report and we’ll review the issue.
Common questions about CAA records and certificate issuance policy.