Skip to main content

Validate a domain using a DNS CNAME

Add a domain to CertCentral and validate it using the DNS CNAME record DCV method

Use these instructions to add a domain to your CertCentral account and validate it using the DNS CNAME domain control validation (DCV) method. In the domain's DNS as a CNAME record, add _dnsauth in the hostname field. Then, add [random_value].dcv.digicert.com to the target host field, to point the random value and domain to DigiCert at dcv.digicert.com.

Before you begin

First, you must have at least one organization in your CertCentral account. To add a domain to your account, you must assign it to an organization. Learn how to add an organization to your CertCentral account.

To use the domain in OV, EV, or private TLS/SSL, or Secure Email certificates, you must submit the organization for validation. Learn how to submit an organization for validation.

When you have an organization, add a domain to the account and assign it to an organization.

Acronyms in this article: Domain Name System (DNS), Canonical Name (CNAME), organization validation (OV),

Step I: Add domain and select DNS CNAME record as the DCV method

  1. In CertCentral, in the left main menu, go to Certificates > Domains.

    For CertCentral Subscription accounts, in the left menu, go to Validation > Domains.

  2. On the Domains page, select New domain.

  3. On the New Domain page, under Domain details, enter the domain and organization information.

    1. Domain Name

      Enter the domain you want validated.

    2. Organization

      In the menu, select the organization you want to assign the domain to.

  4. Under Domain control validation (DCV) method, select DNS CNAME Record.

  5. When ready, select Submit for validation.

Step II: Use DNS CNAME record to demonstrate control over the domain

  1. On the domain's page, in the Domain control validation (DCV) method section, under User actions, copy the random value from Your unique verification token.

    The unique verification token expires in 30 days. To generate a new token, select the Generate New Token link.

  2. Create your DNS CNAME record.

    1. Go to your DNS provider’s site and create a new CNAME record.

      For more detailed instructions for creating or updating a DNS TXT record, try the following resources:

      • Your DNS provider's documentation.

      • DigiCert knowledge base for articles like this one: Create a CNAME Record.

    2. In the hostname field (or equivalent), enter _dnsauth.

    3. In the record type field (or equivalent), select CNAME.

    4. In the target host field (or equivalent), enter [random_value].dcv.digicert.com to point the CNAME record to dcv.digicert.com.

    5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

    6. Save the record.

    Important

    On October 28, 2025, DigiCert ended support for the [random_value] prefix DNS CNAME record configuration. To learn more about this change, see the October 28 change log entry.

  3. Complete domain validation.

    1. In CertCentral, in the left main menu, go to Certificates > Domains..

      For CertCentral Subscription accounts, in the left menu, go to Validation > Domains.

    2. On the Domains page, in the Domain name column, select the domain link.

    3. On the domain's details page, in the Domain control validation (DCV) method section under User actions, select Check CNAME.

In this section: