A CAA record specifies exactly which Certificate Authorities are allowed to issue an SSL certificate for your domain — without one, any trusted CA can issue a certificate for your domain, which becomes a real risk if any single CA in the entire ecosystem is ever compromised.
CAA records restrict which Certificate Authorities can issue SSL certificates for your domain. Without one, any CA can issue a certificate for your domain — a significant security risk.
A CAA record exists, restricting certificate issuance to your actual certificate provider(s).
Fix it, then re-scan — the check confirms itself. No manual checkbox, the scan is the truth.
Run this check in H.I.V.E. →