Edit a domain's CAA resource record
Authorize DigiCert to issue certificates for your domain
Are you using DNS Certification Authority Authorization (CAA) resource records (RRs) to authorize CAs to issue certificates for your domains? Do you need to authorize DigiCert to issue certificates for your domains?
If you answered yes to both questions, use these instructions to authorize DigiCert to issue certificates for your domains.
Update the domain’s DNS CAA record to include a CAA record for “digicert.com”
Open the CAA DNS zone file.
Contact your domain registrar for more detailed information on accessing and editing DNS records on your domains.
In the file, under $ORIGIN yourdomain, add the following lines as needed:
"issue” property tag only
If only using the “issue” property tags, this single CAA RR applies to all hosts and subdomains under your domain, including www.yourdomain, shop.yourdomain, *.yourdomain, *.shop.yourdomain, etc.
ejemplo 1. "issue"$ORIGIN yourdomain.com. . CAA 0 issue "digicert.com"
“issue” and “issuewild” property tags
If using the “issue” and “issuewild” property tags, this CAA RR applies to all hosts and subdomains under your domain, including www.yourdomain, shop.yourdomain, *.yourdomain, *.shop.yourdomain, etc.
ejemplo 2. "issue" and "issuewild"$ORIGIN yourdomain.com . CAA 0 issue "digicert.com" . CAA 0 issuewild “digicert.com”
Complete the CAA RR check
Contact DigiCert Support to complete the certificate CAA RR check for the domain.