How to Manage CAA Records

Adding new CAA records and managing already created CAA records at Hostinger


CAA (Certification Authority Authorization) records are a type of DNS record that indicates which certificate authorities can issue SSL/TLS certificates for your domain.

How to add CAA records

If your domain is pointing to Hostinger by nameservers, the required CAA records are added by default.

If you need additional records, for example to install a custom SSL, go to your DNS Zone Editor, scroll to the Manage DNS records area, and choose CAA as the record type.

Which values to use?

  • Name

    • For your domain, insert @ as Name

    • For subdomains, insert the subdomain's name, e.g., if you have a subdomain store.domain.tld, use store as Name

  • Flag - the default value is 0. If you use 1, it can block validation when the Certificate Authority (CA) does not recognize the tag

  • Tag - you can choose from the following:

    • issue: The CA is authorized to provide a certificate for this domain

    • issuewild: The CA can issue wildcard certificates for this domain

    • iodef: URL that the CA can use to send an error message

  • CA domain - specify the Certificate Authority. Both the tag and the CA domain should be provided by your certificate issuer

  • TTL - the default value is 14400 seconds

In case your domain is pointing somewhere else by nameservers, you can add the default CAA records for Hostinger on your domain’s DNS Zone using the following values:

| Name | Content (flag, tag, CA domain) | TTL |
|---|---|---|
| @ or subdomain | 0 issue digicert.com | 1440 or default |
| @ or subdomain | 0 issuewild digicert.com | 1440 or default |
| @ or subdomain | 0 issue sectigo.com | 1440 or default |
| @ or subdomain | 0 issuewild sectigo.com | 1440 or default |
| @ or subdomain | 0 issue letsencrypt.org | 1440 or default |
| @ or subdomain | 0 issuewild letsencrypt.org | 1440 or default |
| @ or subdomain | 0 issue globalsign.com | 1440 or default |
| @ or subdomain | 0 issuewild globalsign.com | 1440 or default |
| @ or subdomain | 0 issue comodoca.com | 1440 or default |
| @ or subdomain | 0 issuewild comodoca.com | 1440 or default |

NOTE

  • If you use Cloudflare, set the Proxy status to DNS only for all CAA records
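
To check which CAs a zone actually authorizes, the following added example (not Hostinger's code) parses CAA lines in `dig +short CAA` output format, applies the issue/issuewild rules of RFC 8659, and lists which of this page's default records are absent. The sample records and all function names are constructed for illustration; the flag is parsed but not evaluated.

```python
import shlex

# CA domains from the default CAA records listed on this page.
PAGE_DEFAULT_CAS = ["digicert.com", "sectigo.com", "letsencrypt.org",
                    "globalsign.com", "comodoca.com"]

# Constructed sample input in `dig +short CAA <domain>` format: flag tag "value".
SAMPLE = '''0 issue "letsencrypt.org"
0 issuewild "digicert.com"
0 issue "sectigo.com; validationmethods=dns-01"
0 iodef "mailto:security@domain.tld"
'''

def parse_caa(text):
    """Return (flag, tag, value) tuples; issuer values drop any ';param' suffix."""
    records = []
    for line in text.splitlines():
        parts = shlex.split(line)
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip blank or malformed lines
        flag, tag, value = int(parts[0]), parts[1].lower(), parts[2]
        if tag in ("issue", "issuewild"):
            value = value.split(";")[0].strip().lower().rstrip(".")
        records.append((flag, tag, value))
    return records

def ca_may_issue(records, ca_domain, wildcard=False):
    """Apply the issue/issuewild rules of RFC 8659 to one record set."""
    issue = [v for _, t, v in records if t == "issue"]
    issuewild = [v for _, t, v in records if t == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no restricting tag: CAA does not limit issuance
    return ca_domain.lower() in relevant

def missing_defaults(records):
    """List this page's default (tag, CA) pairs that the record set lacks."""
    have = {(t, v) for _, t, v in records}
    return [(t, ca) for ca in PAGE_DEFAULT_CAS
            for t in ("issue", "issuewild") if (t, ca) not in have]

if __name__ == "__main__":
    recs = parse_caa(SAMPLE)
    for ca in PAGE_DEFAULT_CAS:
        print(ca, ca_may_issue(recs, ca), ca_may_issue(recs, ca, wildcard=True))
    print("missing defaults:", missing_defaults(recs))
```

With the sample set, letsencrypt.org may issue a regular certificate but not a wildcard one, because the single issuewild record names only digicert.com.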

How to Edit or Delete CAA Records

It is recommended to keep all the default CAA records and not delete them, as deleting them can prevent the SSL certificate from installing successfully. To edit or delete a CAA record:

After applying any changes to your DNS zone, allow up to 24 hours for them to fully propagate.
