Certification Authority Authorization (CAA) is a RFC standard implemented to hint Cert Authority (CA) if they are authorized to issue an SSL cert to a particular domain. You can add this setting via DNS records.
(1) Sign-in to your domain DNS manager. (E.g. Route53, GoDaddy, CloudFlare, etc)
(2) Add a new record with type "CAA".
(3) There are 3 possible values for CAA record.
|Allow for a specific domain||issue|
|Allow for wildcard||issuewild|
(4) Each CA will have a different hostname to be whitelisted. You should consult your current CA or the CA that you plan to purchase a SSL cert from. Example:
CAA calvin.my 0 issue letencrypt.org CAA calvin.my 0 issue globalsign.com CAA calvin.my 0 issuewild globalsign.com CAA calvin.my 0 iodef mailto:email@example.com
(5) Alternatively, you can use CAA Record Generator to help you get a list of records you need to add.