[CF4SaaS, Pages] Add ssl.com to CAA records (#19224)

RebeccaTamachiro · web-flow · commit e94aae661756 · 2025-01-16T10:44:59.000Z
* Add ssl.com CAA examples to SSL4SaaS troubleshooting

* Add ssl.com to CAA records in debugging-pages.mdx

* Remove Comodo CA from CAA records in debugging-pages
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/troubleshooting.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/troubleshooting.mdx
@@ -66,11 +66,14 @@ You will need to ensure that the required CAA records for the selected Certifica
 For example, here are the records required to issue [Let's Encrypt](https://letsencrypt.org/docs/caa/) and [Google Trust Services](https://pki.goog/faq/#caa) certificates:
 
 ```
+example.com CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
+example.com CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
+
 example.com CAA 0 issue "letsencrypt.org"
 example.com CAA 0 issuewild "letsencrypt.org"
 
-example.com CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
-example.com CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
+example.com CAA 0 issue "ssl.com"
+example.com CAA 0 issuewild "ssl.com"
 ```
 
 More details can be found on the [CAA records FAQ](/ssl/edge-certificates/troubleshooting/caa-records/).
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx
@@ -26,8 +26,9 @@ CAA is a DNS resource record type defined in [RFC 6844](https://datatracker.ietf
 If your customer has CAA records set on their domain, they will either need to add the following or remove CAA entirely:
 
 ```txt
-example.com. IN CAA 0 issue "letsencrypt.org"
 example.com. IN CAA 0 issue "pki.goog"
+example.com. IN CAA 0 issue "letsencrypt.org"
+example.com. IN CAA 0 issue "ssl.com"
 ```
 
 While it is possible for CAA records to be set on the subdomain your customer wishes to use with your service, it will usually be set on the domain apex. If they have CAA records on the subdomain, those will also have to be removed.
diff --git a/src/content/docs/pages/configuration/debugging-pages.mdx b/src/content/docs/pages/configuration/debugging-pages.mdx
@@ -156,12 +156,12 @@ In the above example, there is only a single CAA record which is allowing Amazon
 To resolve this, you will need to add the following CAA records which allows all of the Certificate Authorities (CAs) Cloudflare uses to issue certificates:
 
 ```
-example.com.            300     IN      CAA     0 issue "comodoca.com"
 example.com.            300     IN      CAA     0 issue "letsencrypt.org"
 example.com.            300     IN      CAA     0 issue "pki.goog; cansignhttpexchanges=yes"
-example.com.            300     IN      CAA     0 issuewild "comodoca.com"
+example.com.            300     IN      CAA     0 issue "ssl.com"
 example.com.            300     IN      CAA     0 issuewild "letsencrypt.org"
 example.com.            300     IN      CAA     0 issuewild "pki.goog; cansignhttpexchanges=yes"
+example.com.            300     IN      CAA     0 issuewild "ssl.com"
 ```
 
 ### Zone holds
