CAA Lookup
List the Certificate Authority Authorization (CAA) records for a domain.
No results yet
Enter a domain above and press Run to start the check.
About the CAA Lookup
CAA Lookup retrieves a domain's Certification Authority Authorization records, which specify exactly which certificate authorities are permitted to issue certificates for that name. Each record uses a tag such as issue, issuewild, or iodef to control standard certs, wildcard certs, and incident reporting. Publishing CAA records reduces the risk of mis-issuance, and CAs are required to honor them before issuing.
How to use
- Enter the domain you want to check for CAA records.
- Run the lookup to list any issue, issuewild, and iodef entries.
- Confirm the authorized CAs match the providers you actually use.
Frequently asked questions
- What does a CAA record do?
- A CAA record tells certificate authorities which of them are allowed to issue certificates for your domain. CAs must check it before issuance.
- What are the issue and issuewild tags?
- The issue tag authorizes a CA to issue standard certificates, while issuewild specifically governs wildcard certificates. If issuewild is absent, the issue rules apply.
- What happens if no CAA record exists?
- Without any CAA record, no CA is restricted, so any certificate authority may issue certificates for the domain. Adding records tightens that control.