Certification Authority Authorization (CAA) is a method for a domain owner to permit one or more certification authorities (CAs) to issue SSL/TLS certificates using their domain name. The permission is provided through a CAA record associated with a DNS entry for the domain name.
Giving certificate issuance to one or more CAs also has the reverse effect as it prevents certificates from being issued by non-permitted CAs. This will increase security to protect your domains as only CAs which have met your selection criteria are permitted to issue.
So what does your CAA record say?
Entrust provides a CAA Lookup Tool to check domain CAA records. By putting in your FQDN (e.g., www.example.com) or your root domain name (e.g., example.com), the CAA checker will provide the following:
Entrust Datacard has a Certification Authority Authorization (CAA) page to provide information on CAA, including a CAA Best Practices guide to support DNS administrators.
To permit Entrust to issue certificates use: CAA 0 issue "entrust.net".