All Collections
Useful Articles
Why is my SSL certificate not working? | How CAA record affects SSL certificate
Why is my SSL certificate not working? | How CAA record affects SSL certificate
Andy Kostenko avatar
Written by Andy Kostenko
Updated over a week ago provides SSL certificates for short links for free. After adding a domain to, you need to wait up to one hour until HTTPS for short URLs is activated.


Sometimes SSL certificate can't be activated, according to an issue with domain configuration. When configuring a short domain for, A-records that point to IP addresses take place.

Along with A-records, a CAA record also may be listed. It's not compulsory to add CAA to a domain configuration, but some companies leverage it. CAA records may interrupt a correct configuration of the SSL-certificate on

Let's review what a CAA record is and how to configure it correctly for

What is a CAA Record?

A Certification Authority Authorization (CAA) record is used to specify which certificate authorities (CAs) are allowed to issue for a domain. leverages the Let's Encrypt certificate.

The purpose of the CAA record is to allow domain owners to declare which certificate authorities are allowed to issue a certificate for a domain. If no CAA record is specified, any certificate authority is allowed. If a CAA record is specified, only the CAs listed in the CAA record are allowed to issue certificates for that hostname.

If you added a CAA record to the configuration of a short domain, the Let's Encrypt certificate must be specified. In the case of adding the CAA record and not specifying, CAA won't allow the Let's Encrypt certificate to be applied to links.

CAA records can set policy for the entire domain or subdomains. Subdomains inherit values of CAA records. Therefore, a CAA record set on short.domain also applies to any subdomain, such as subdomain.short.domain. To set allowance for another CA for subdomain.short.domain, a separate CAA record must be added.

CAA Record Configuration

To allow the issuance of an SSL certificate for short.domain to the Let's Encrypt certificate authority, we should add the following CAA record:

short.domain. CAA 0 issue ""

Name: your short domain or subdomain.
Property identifier: issue
TTL: usually 3,600

Did this answer your question?