To get GeoTrust certificates for your domain, update the CAA DNS Resource Record to state that GeoTrust is approved to issue certificates for your domain.
The registered domain owner must update the CAA DNS zone file to add GeoTrust as an approved CA in a CAA DNS record. You can find information about how to access and edit the CAA DNS zone file for the domain by contacting the domain’s registrar.
The single CAA record applies to all web servers in your domain, like www.geotrustoffer.com, shop.geotrustoffer.com, checkout.geotrustoffer.com, etc.
What is CAA?Certification Authority Authorization (CAA) allows a website owner to specify the Certificate Authorities that are authorized to issue certificates for that domain or website. For additional information on CAA see Certification Authority Authorization (CAA)
Update: With Digicert's acquisition of Symantec Website Security and related PKI solutions, Certification Authority Authorization (CAA) records can now include digicert.com. This authorizes DigiCert to issue DigiCert, Symantec, Thawte, GeoTrust, and RapidSSL certificates for domains that contain such CAA records.
Do you already have a CAA Resource Record authorizing GeoTrust to issue certificates for yourdomain.com (yourdomain.com CAA 0 issue "geotrust.com")? Then, you don’t need to modify your existing CAA RR, nor do you need to create an additional CAA RRs for yourdomain.com. With that record you authorize DigiCert to issue your GeoTrust brand certificates for that domain plus all the other DigiCert certificate brands (DigiCert, Symantec, Thawte, and RapidSSL).
A technical report is also available here GeoTrust Technical Report – Guide to CAA.