A CAA record is used for SSL certificates. Basically, It's a way for you as a domain owner to make it known to everyone which certificate authorities can issue SSL/TLS certificates for your domain. You can manage your DNS records via DNS Zone Editor. To add a new record choose the type of record as CAA:


  • If your domain is pointing elsewhere by NS records, your DNS Zone management is moved to the provider you pointed the domain to and should be managed from there

What to use as a Name?

If you are adding CAA records for your domain, insert @ as Name.

If you are adding CAA records for your subdomain, insert the subdomain's name as a name, for example for subdomain support.hostinger.com you should insert support as a host.

What to use as Flag?

The default is 0. If you put 1, this blocks the validation if the tag is unknown by the CA.

What to use as a Tag?

Here you can choose from these:

  • issue: The CA is authorized to provide a certificate for this domain

  • issuewild: the CA can issue wildcard certificates for this domain

  • iodef: URL that the CA can use to send an error message

What to use as a CA domain?

Here you can specify the Certificate Authority, for example in Hostinger we use letsencrypt.org, comodoca.com, globalsign.com, and digicert.com. Keep in mind to not delete these existing records in your DNS Zone as that can prevent you from installing SSL successfully.

What to use as a TTL?

The default TTL value is recommended. By default, the TTL is set to 14400 seconds (four hours).

How to edit or delete CAA records?

If you want to edit an existing record, check this article: How to manage my DNS records on hPanel?

Any DNS Record changes trigger propagation, which can last up to 24 hours to fully propagate.

Did this answer your question?