Certification Authority Authorization (CAA) is a RFC standard implemented to hint Cert Authority (CA) if they are authorized to issue an SSL cert to a particular domain. You can add this setting via DNS records.


(1) Sign-in to your domain DNS manager. (E.g. Route53, GoDaddy, CloudFlare, etc)

(2) Add a new record with type "CAA".

(3) There are 3 possible values for CAA record. 

Allow for a specific domainissue
Allow for wildcardissuewild
Violation reportiodef

(4) Each CA will have a different hostname to be whitelisted. You should consult your current CA or the CA that you plan to purchase a SSL cert from. Example:

CAA calvin.my 0 issue letencrypt.org
CAA calvin.my 0 issue globalsign.com
CAA calvin.my 0 issuewild globalsign.com
CAA calvin.my 0 iodef mailto:mail@calvin.my

(5) Alternatively, you can use CAA Record Generator to help you get a list of records you need to add.