API v2 Changelog

< Back to Changelog

CAA Support for Domain Record resources

Date: September 13, 2017

Tagged In: API v2

Author Andrew Starr-Bochicchio

Domain Record resources have been updated to add support for CAA records. As specified in RFC-6844, this record type can be used to specify which certificate authorities (CAs) are permitted to issue certificates for a domain.

For example, in order to restrict TLS/SSL certificate creation for example.com to letsencrypt.org, you would use a request like:

  curl -X POST \
    -d '{"type":"CAA","name":"@","data":"letsencrypt.org.","priority":null,"port":null,"ttl":1800,"flags":0,"tag":"issue"}' \
    -H "Content-Type: application/json" \
    -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
    https://api.digitalocean.com/v2/domains/example.com/records

For more information on how to use CAA records, see this tutorial on our community site.