No CAA records — any CA can issue certificates for this domain

CAA (Certification Authority Authorisation) records are a DNS setting that lists which certificate authorities are allowed to issue SSL certificates for your domain. No such records are set, so any certificate authority in the world could issue a certificate for your site. If a certificate authority is ever compromised, attackers could get a valid certificate for your domain and use it to impersonate your site. CAA records close that gap. Add CAA DNS records at your DNS provider, naming the certificate authority you already use (for example, Let's Encrypt or DigiCert). Your hosting provider can usually tell you which one.