CAA Checker
See which Certificate Authorities are authorised to issue TLS certificates for a domain.
Why CAA matters
A CAA (Certification Authority Authorization) record restricts which CAs may issue certificates for your domain, reducing the risk of mis-issuance. No CAA record means any public CA may issue — adding one is a cheap, low-risk hardening step.
example.com. CAA 0 issue "letsencrypt.org"
Related tools
- SSL Checker — the certificate a CA issued.
- Full DNS Lookup — every record at once.
Frequently asked questions
▸ ▾ What is a CAA record?
A DNS record that lists which certificate authorities are allowed to issue certificates for your domain, reducing the risk of mis-issuance.
▸ ▾ Do I need a CAA record?
It's optional but recommended. Without one, any CA may issue for your domain; with one, only the CAs you list may.