Certification Authority Authorization (CAA) is a RFC standard implemented to hint Cert Authority (CA) if they are authorized to issue an SSL cert to a particular domain. You can add this setting via DNS records.
Steps:
(1) Sign-in to your domain DNS manager. (E.g. Route53, GoDaddy, CloudFlare, etc)
(2) Add a new record with type "CAA".
(3) There are 3 possible values for CAA record.
| Allow for a specific domain | issue |
| Allow for wildcard | issuewild |
| Violation report | iodef |
(4) Each CA will have a different hostname to be whitelisted. You should consult your current CA or the CA that you plan to purchase a SSL cert from. Example:
CAA calvin.my 0 issue letencrypt.org CAA calvin.my 0 issue globalsign.com CAA calvin.my 0 issuewild globalsign.com CAA calvin.my 0 iodef mailto:mail@calvin.my
(5) Alternatively, you can use CAA Record Generator to help you get a list of records you need to add.