Certificate Authority Authorization (CAA) records

There is a DNS resource record type - CAA (Certificate Authority Authorization) - that allows to indicate which CAs are allowed to issue certificates for domains.

Stape uses the following Certificate Authorities: digicert.com, letsencrypt.org, pki.goog.

If you are using CAA records for your own domain, please make sure that you added these records: 

• If you do not use the Stape CDN functionality:

gtm.example.com. IN CAA 0 issue "letsencrypt.org"

• If you use the Stape CDN functionality:

gtm.example.com. IN CAA 0 issue "digicert.com"
gtm.example.com. IN CAA 0 issue "letsencrypt.org"
gtm.example.com. IN CAA 0 issue "pki.goog"