When you add CAA (Certification Authority Authorization) records, you're telling the DNS system which Certificate Authorities (CAs) are allowed to issue SSL certificates for your domain. This is a security best practice to prevent unauthorized certificate issuance.

If you have fully connected your domain but get a "not secure" warning, your domain provider may be blocking external SSL's. To check this, go to: https://dnschecker.org/#CAA/ and look for the records below. As best practice, you can go into your DNS settings and check the CAA records one by one.

For Let's Encrypt

example.com. IN CAA 0 issue "letsencrypt.org"

For AWS Certificate Manager (ACM) / Amazon Trust Services

example.com. IN CAA 0 issue "amazon.com"

example.com. IN CAA 0 issue "letsencrypt.org"

example.com. IN CAA 0 issue "amazon.com"

example.com. IN CAA 0 issue "awstrust.com"

example.com. IN CAA 0 issue "amazontrust.com"

You can check your DNS records and if any of the above is missing then add them to your DNS records example.com is your domain name, you can either use your base domain name so "example.com" or "@" in some cases both without quotation marks.

If you get stuck, please email us at support@kickpages.com