Certificate Authority Authorization (CAA) records
Updated Mar 9, 2026
There is a DNS resource record type - CAA (Certificate Authority Authorization) - that allows to indicate which CAs are allowed to issue certificates for domains.
Stape uses the following Certificate Authorities: digicert.com, letsencrypt.org, pki.goog, sectigo.com.
Error example without adding these records
If you are using CAA records for your own domain, please make sure that you added these records:
- If you do not use the Stape CDN functionality:
gtm.example.com. IN CAA 0 issue "letsencrypt.org"
- If you use the Stape CDN functionality:
gtm.example.com. IN CAA 0 issue "digicert.com"
gtm.example.com. IN CAA 0 issue "letsencrypt.org"
gtm.example.com. IN CAA 0 issue "pki.goog"
- If you use the Disabled CDN functionality:
gtm.example.com. IN CAA 0 issue "sectigo.com"
no spam
Subscribe to product updates:
Can’t find what you are looking for?
Comments