Changes to Marketo Engage Secured Domains Platform

Marketo Employee
Marketo Employee

Changes to Marketo Engage Secured Domains Platform


We are announcing changes to how landing page and tracking link domains will be secured in the future using Marketo Engage managed SSL certificates. On October 18, 2022 our partner Cloudflare will change their certificate vendor from DigiCert to Google Trust Services and Let’s Encrypt. This change will only impact Marketo Engage managed certificates issued or automatically renewed on or after October 18th.


Will this change impact my Marketo Engage hosted domains?

If your landing page and/or tracking links SSL certificates are managed by Marketo Engage, and your business has a published CAA record, this change may impact you. If you have provided Marketo Engage with your own certificates to secure your landing page and/or tracking link domains, this change will not impact you. Please check with your IT team to confirm whether this change will impact your business.


How will this change impact my Marketo Engage hosted domains?

This change will impact any domain that has a published Certification Authority Authorization (CAA) record. CAA records must be updated to allow certificates issued by the new vendors Cloudflare is using. By default, domains will be secured with Google Trust Services issued certificates. If your business cannot use Google Trust Services certificates, then you may contact Customer Support to request Let’s Encrypt certificates or provide your own certificate.


Failing to update your CAA record will cause SSL certificates to fail to be issued for your domain. This could cause landing pages or tracking links to go down and return browser security errors for your visitors.


How do I update my CAA record in preparation for this change?

Please work with your IT team to prepare for this change. Marketo Engage Customer Support teams are not able to make the necessary changes to update your CAA record. Documentation on what changes are needed to support the new certificate vendors can be found at:


Google Trust Services:

Let’s Encrypt:


When will this change impact my business?

Cloudflare will make this change on October 18, 2022. However this change will only impact newly secured domains or domains that have their certificates automatically renewed. When your certificate is renewed is generally within 30 days of it’s expiration date. We recommend you make any necessary changes to your CAA record as soon as possible. There will be no warning or notice in advance of certificate renewal for Marketo Engage managed certificates.