Looks like dnsimple supports this already:

https://support.dnsimple.com/articles/manage-caa-record/

 

SSL Labs reports this as an issue (but doesn't take off points yet):

https://www.ssllabs.com/ssltest/

 

Maybe you could allow customers to create these records with your UI now and worry about automatically creating/validating them later?

 

More information:

https://support.dnsimple.com/articles/caa-record/