How do I set the CAA Record Let’s Encrypt TLS configuration seems to indicate that the CAA record should be set with
tag: "issue", flags: "0", value:

as you can see here:

However, Google indicates that it should be set to 0 issue as you can see here:
Screen Shot 2021-12-23 at 3.32.44 PM
from Resource record types - Google Domains Help

Which is it? Does it matter?

Here’s how I’ve done it for my website “” on Google Domains.

I think both refer to the same thing, it’s how the format of CAA in a string looks like.

To set the CAA record is quite easy for everyone. If you follow this stratedy:

  1. Open your CloudFlare account and log in.

  2. Select the pertinent webpage.

  3. The “DNS” icon is located at the top of the page.

  4. Click the “Add” record button in the DNS Records panel.

  5. Decide on “CAA” in the Type area.

  6. Enter the appropriate subdomain (or for the domain name alone) in the “Name” text field.

    1. Enter 0 in the “Flag” column.
    1. Select “Only allow specified hostnames” (or “Only allow wildcards” to permit the issuing of wildcard certificates) in the “Tag” section. In this instance, be careful to also establish a “Only accept particular hostnames” record.
    1. To store your CAA record, click the “Save” button.
1 Like