Validate a domain using a DNS CNAME

Add a domain to CertCentral and validate it using the DNS CNAME record DCV method

Add a domain to your account and demonstrate control over the domain by creating a DNS CNAME record that includes a DigiCert-generated random value. Use a DNS CNAME record to point the random value and domain to DigiCert at dcv.digicert.com.

Before you begin

First, you must have at least one organization in your account. Before adding domains to your account, you must assign them to an organization in your CertCentral account. See Add an organization to your CertCentral account.

Additionally, to use the domain in OV, EV, or Private TLS/SSL or Secure Email certificates, you must submit the organization for organization validation. See Submit an organization for validation.

Once you have an organization, add a domain to the account and assign it to an organization.

Step I: Add the domain and select DNS CNAME record as the DCV method

  1. In your CertCentral account, go to the Domains page.

    In the left main menu, go to Certificates > Domains.

  2. On the Domains page, select New domain.

  3. On the New Domain page, under Domain details, enter the domain and organization information.

    1. Domain Name

      Enter the domain you want validated.

    2. Organization

      In the menu, select the organization you want to assign the domain to.

  4. Under Domain control validation (DCV) method, select DNS CNAME Record.

  5. When ready, select Submit for validation.

Step II: Use DNS CNAME record to demonstrate control over the domain

  1. On the domain's details page, in the Domain control validation (DCV) method section under User actions, in the Your unique verification token box, copy the verification token.

    The unique verification token expires after 30 days. To generate a new token, select the Generate New Token link.

  2. Use one of the options below to create your DNS CNAME record:

    1. Option 1 (preferred): Create the DNS CNAME record with the static prefix _dnsauth

      1. Go to your DNS provider’s site and create a new CNAME record.

      2. In the hostname field (or equivalent), enter _dnsauth.

      3. In the record type field (or equivalent), select CNAME.

      4. In the target host field (or equivalent), enter [verification_token].dcv.digicert.com to point the CNAME record to dcv.digicert.com.

      5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

      6. Save the record.

    2. Option 2: Create the DNS CNAME record

      1. Go to your DNS provider’s site and create a new CNAME record.

      2. In the hostname field (or equivalent), enter the verification token that you copied from your CertCentral account.

      3. In the record type field (or equivalent), select CNAME.

      4. In the target host field (or equivalent), enter dcv.digicert.com to point the CNAME record to dcv.digicert.com.

      5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

      6. Save the record.

  3. Complete domain validation.

    1. In your CertCentral account, go to the Domains page.

      In the left main menu, go to Certificates > Domains.

    2. On the Domains page, in the Domain name column, select the domain link.

    3. On the domain's details page, in the Domain control validation (DCV) method section under User actions, select Check CNAME.
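
Before selecting Check CNAME, it helps to confirm that the record was published in one of the two layouts from Step II. The following is an added example, not DigiCert code: it checks answer lines in the format printed by `dig +noall +answer` against both layouts and names two common DNS entry mistakes. The domain, token, function names, and status strings are constructed for illustration.

```python
# Added example (not DigiCert code). DOMAIN and TOKEN are constructed values.
DOMAIN = "example.com"
TOKEN = "constructedtoken123"

def expected_records(domain, token):
    """Both layouts from Step II as (owner FQDN, target FQDN)."""
    d, t = domain.lower().rstrip("."), token.lower()
    return {
        "option1": (f"_dnsauth.{d}.", f"{t}.dcv.digicert.com."),
        "option2": (f"{t}.{d}.", "dcv.digicert.com."),
    }

def parse_cnames(answer_text):
    """Parse 'owner TTL IN CNAME target' lines, as dig +noall +answer prints."""
    records = []
    for line in answer_text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2].upper() == "IN" and parts[3].upper() == "CNAME":
            records.append((parts[0].lower(), parts[4].lower()))
    return records

def check_dcv(domain, token, answer_text):
    """Return ('ok', option) on a match, else (diagnosis, option or None)."""
    want = expected_records(domain, token)
    got = parse_cnames(answer_text)
    for option, pair in want.items():
        if pair in got:
            return "ok", option
    zone = domain.lower().rstrip(".") + "."
    for owner, target in got:
        for option, (w_owner, w_target) in want.items():
            if owner == w_owner + zone:
                # Provider appended the zone to a name that already had it.
                return "owner_has_zone_twice", option
            if owner == w_owner and target == w_target + zone:
                # Target entered without a trailing dot and treated as relative.
                return "target_has_zone_appended", option
            if owner == w_owner:
                return "wrong_target", option
    return "missing", None

if __name__ == "__main__":
    # Constructed answer line showing a correct Option 1 record.
    sample = f"_dnsauth.{DOMAIN}. 300 IN CNAME {TOKEN}.dcv.digicert.com."
    print(check_dcv(DOMAIN, TOKEN, sample))
```

Feed it the answer section for both `_dnsauth.<domain>` and `<token>.<domain>`; any status other than `ok` means the record needs correcting at the DNS provider before the check in CertCentral can succeed.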