app.layer0.co Let’s Encrypt TLS configuration seems to indicate that the CAA record should be set with
tag: "issue", flags: "0", value: letsencrypt.org
as you can see here:
However, Google indicates that it should be set to
0 issue letsencrypt.org as you can see here:
from Resource record types - Google Domains Help
Which is it? Does it matter?
Here’s how I’ve done it for my website “rishi.app” on Google Domains.
I think both refer to the same thing, it’s how the format of CAA in a string looks like.
To set the CAA record is quite easy for everyone. If you follow this stratedy:
Open your CloudFlare account and log in.
Select the pertinent webpage.
The “DNS” icon is located at the top of the page.
Click the “Add” record button in the DNS Records panel.
Decide on “CAA” in the Type area.
Enter the appropriate subdomain (or for the domain name alone) in the “Name” text field.
- Enter 0 in the “Flag” column.
- Select “Only allow specified hostnames” (or “Only allow wildcards” to permit the issuing of wildcard certificates) in the “Tag” section. In this instance, be careful to also establish a “Only accept particular hostnames” record.
- To store your CAA record, click the “Save” button.