727.388.4240

Google Plus

Blog
  1. Home
  2. SSL Certificate Support
  3. Validation for SSL Certificates
  4. How to Complete DNS Verification
Searching...

How to Complete DNS Verification

For domain verification to be completed using the DNS method, you will need to add either a CNAME or a TXT Record depending on which vendor you purchased your SSL from. Sectigo (formerly Comodo) only uses CNAME Records for verification and DigiCert/Symantec/GeoTrust/Thawte/RapidSSL can only use TXT records for verification.

Regardless of which type of record you will be creating, the new record will need to be publicly visible using an online DNS Lookup tool before your certificate can be issued. This way we know that the vendor’s system will be able to access the record and validate your SSL.

Please Note: It can take anywhere from 24-48 hours for your TXT or CNAME record to propagate to the internet. This is the case with all DNS updates and is outside of our control. While it’s not typical that it takes that long to be publicly visible, it is possible.

Sectigo: Add Your CNAME Record to Your DNS Manager

Only use these instructions if you have a Sectigo (formerly Comodo) certificate.

  1. Log into your domain’s hosting Control Panel (typically the registrar of your domain).
  2. Locate and select the DNS Zone Manager for your desired domain.
  3. Select the option to create a new CNAME Record.
  4. In the Host Name or Alias field, place the first unique value for your order as shown in your order details page in your account. This value will begin with an “_” and that special character must be present in the record.
  5. In the CNAME / Points To field, place the second unique value for your order as shown in your order details page in your account. This value will end with “comodoca.com” and that must be included in the record value.
  6. Set the TTL to 3600 or the lowest possible option.
  7. Click Save and wait for the record to propagate (i.e. 15 minutes).

Please Note: If this method isn’t working for you and you would like to try a different verification method (File Based or Email Based), scroll down to the bottom of your order details page within your account and select “Change Approver Method” to select another option. The instructions for the option that you choose will then appear in your account.

How to Check if Your CNAME is Ready!

If you would like to see if your CNAME record is able to be validated, you can check your record using any DNS record lookup tool like this one: https://www.whatsmydns.net/

  1. In the search box, input the value you placed into your Host Name field (the value with the “_” in it), select CNAME from the drop-down menu, and then select “Search”.
  2. If you can see your CNAME record’s “Points To” value in the search results alongside of green check marks, then your CNAME record is propagated and the vendor’s system should issue your SSL shortly.

Next Steps

  • If you’ve purchased a DV certificate, once you’ve gotten your domain ownership approved you’ll be receiving your certificate shortly. Once received you’ll be able to install your SSL on your server. For help installing your SSL Certificate, click here.
  • If you’ve purchased an OV or EV certificate, then you’ll need to proceed to your organization validation steps to receive your certificate files. For help with getting this done, please see our support article for OV Certificates here and our support article for EV Certificates here.
  • If it has been more than 15 minutes since you could see your CNAME record’s Points To value using an online tool and you have still not received your certificate, scroll to the bottom of the order details page within your account and select “Change Approval Settings” and then select “Save” (without making any changes to the approval settings). This will prompt the vendor’s system to retry your CNAME record and your certificate should issue. Please allow another 15 minutes to go by before contacting support for assistance with your order.

DigiCert: Add Your TXT Record to Your DNS Manager

Only use these instructions if you have a DigiCert/Symantec/Thawte/GeoTrust/RapidSSL Certificate.

  1. Log into your domain’s hosting Control Panel (typically the registrar of your domain).
  2. Locate and select the DNS Zone Manager for your desired domain.
  3. Select the option to create a new TXT Record.
  4. In the Host Name or Alias field, either leave it blank or place an @ symbol.
  5. In the TXT Value field, place the unique value that is displayed on your Order Details Page within your account.
  6. Set the TTL to 3600 or the lowest possible option.
  7. Click Save and wait for the record to propagate (i.e. 15 minutes).

Please Note: If this method isn’t working for you and you would like to try a different verification method (File Based or Email Based), scroll down to the bottom of your order details page within your account and select “Change Approver Method” to select another option. The instructions for the option that you choose will then appear in your account.

How to Check if Your TXT Record is Ready!

If you would like to see if your TXT record has propagated to the internet, you can check your record using any DNS record lookup tool like this one: https://www.whatsmydns.net

  1. In the search box, input the exact domain that you added the TXT record to, then select TXT from the drop-down menu, then hit “Search”.
  2. If you can see your TXT record’s unique value in the search results alongside of green check marks, then your TXT record is propagated, and the vendor’s system should issue your SSL shortly.

Next Steps

  • If you’ve purchased a DV certificate, once you’ve gotten your domain ownership approved you’ll be receiving your certificate shortly. Once received you’ll be able to install your SSL on your server. For help installing your SSL Certificate, click here.
  • If you’ve purchased an OV or EV certificate, then you’ll need to proceed to your organization validation steps to receive your certificate files. For help with getting this done, please see our support article for OV Certificates here and our support article for EV Certificates here.
  • If it has been more than 15 minutes since you could see your TXT record’s unique value using an online tool and you have still not received your certificate, scroll to the bottom of the order details page within your account and select “Change Approval Settings” and then select “Save” (without making any changes to the approval settings). This will prompt the vendor’s system to retry your TXT record and your certificate should issue. Please allow another 15 minutes to go by before contacting support for assistance with your order.
Updated on

Was this article helpful?

Yes No

Related Articles