This article provides information on adding a CAA record for the club's externally managed domain name.
NB: If your domain is registered via Pitchero and Pitchero manages your DNS settings, you do not need to do anything.
Domains connected to the Pitchero system use SSL certificates to encrypt traffic flowing across the internet from your computer to our servers. SSL certificates must be renewed periodically and to do this our certificate provider Amazon Web Service (AWS) needs to have permission to renew the certificate.
In order to give permission you will need to add two CAA records to your DNS settings for your domain. See the examples below:
|
Record name/host name |
Record type |
Record value/destination |
|
@ |
CAA |
0 issue "amazontrust.com" |
|
@ |
CAA |
0 issuewild "amazontrust.com" |
You must add BOTH of the records.
You can check which Certification Authority Authorization (CAA) records already exist by using the Google Apps Dig Tool below. Just type in your domain name (without the www) and hit the “CAA” button:
https://toolbox.googleapps.com/apps/dig/#CAA/
Once you have added these records, and they are visible via the Google Apps Dig Tool, your certificate should renew automatically. As with any DNS change, it can take up to 24 hours for changes to propagate across the internet.
More information from Amazon Web Services (AWS) https://docs.aws.amazon.com/acm/latest/userguide/troubleshooting-caa.html