All Collections
Useful Articles
Why is my SSL certificate not working? | How CAA record affects SSL certificate
Why is my SSL certificate not working? | How CAA record affects SSL certificate
Andy Kostenko avatar
Written by Andy Kostenko
Updated over a week ago

Short.io provides SSL certificates for short links for free. After adding a domain to Short.cm, you need to wait up to one hour until HTTPS for short URLs is activated.

https-short.png

Sometimes SSL certificate can't be activated, according to an issue with domain configuration. When configuring a short domain for Short.cm, A-records that point to Short.cm IP addresses take place.

Along with A-records, a CAA record also may be listed. It's not compulsory to add CAA to a domain configuration, but some companies leverage it. CAA records may interrupt a correct configuration of the SSL-certificate on Short.io.

Let's review what a CAA record is and how to configure it correctly for Short.io.

What is a CAA Record?

A Certification Authority Authorization (CAA) record is used to specify which certificate authorities (CAs) are allowed to issue for a domain.

Short.io leverages the Let's Encrypt certificate.

The purpose of the CAA record is to allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. If no CAA record is specified, any certificate authority is allowed. If a CAA record is specified, only the CAs listed in the CAA record are allowed to issue certificates for that hostname.

If you added a CAA record to the configuration of a short domain, the Let's Encrypt certificate must be specified. In the case of adding the CAA record and not specifying letsencrypt.org, CAA won't allow the Let's Encrypt certificate to be applied to Short.cm links.

CAA records can set policy for the entire domain or subdomains. Subdomains inherit values of CAA records. Therefore, a CAA record set on short.domain also applies to any subdomain, such as subdomain.short.domain. To set allowance for another CA for subdomain.short.domain, a separate CAA record must be added.

CAA Record Configuration

To allow the issuance of an SSL certificate for short.domain to the Let's Encrypt certificate authority, we should add the following CAA record:

short.domain. CAA 0 issue "letsencrypt.org"

Name: your short domain or subdomain.
Property identifier: issue
Provider: letsencrypt.org
TTL: usually 3,600

caa-record.png

Source: https://support.dnsimple.com/articles/caa-record/

Did this answer your question?