Complete DNS-01 challenges for ACME

Use the DNS-01 challenge when you automate certificate issuance and renewal using an ACME client that controls the domain's DNS records. The ACME client creates a DNS TXT record containing the required validation parameter and DigiCert-generated random value. The DNS-01 challenge supports wildcard domain validation.

Before you begin

  • The ACME client must have API access to the domain's DNS provider to create and remove TXT records automatically.

  • DNS propagation time must be accounted for before DigiCert checks for the record.

  • The ACME client must be configured with your DigiCert ACME directory URL and EAB credentials. See Create ACME credentials.

Complete the challenge

  1. Configure the ACME client to request the DNS-01 challenge type.

  2. Initiate a certificate request through the ACME client for the domain.

  3. Allow the ACME client to create a DNS TXT record for _acme-challenge.yourdomain.com containing the DigiCert-generated random value.

  4. Allow DNS propagation to complete.

  5. Allow the ACME client to notify DigiCert that the record is ready.

DigiCert validates the domain when it detects the DNS TXT record containing the correct random value. Certificate issuance proceeds after domain control validation is successful, organization validation is complete where applicable, and approval settings allow automated issuance.

Notice

The DNS-01 challenge validates the base domain and the wildcard simultaneously. Validating _acme-challenge.example.com covers both example.com and *.example.com.
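One way to handle step 4 before the client notifies DigiCert, shown as an added example (not DigiCert's code or part of any ACME client): it maps a base or wildcard identifier to the single `_acme-challenge` name and polls each authoritative nameserver until all of them serve the expected TXT value. It assumes `dig` is installed; the function names are hypothetical, and the nameserver list and expected value are supplied by the caller from the ACME client's output.

```python
import shlex
import subprocess
import time


def challenge_record(identifier):
    """Map example.com or *.example.com to the one TXT name that covers both."""
    base = identifier.lower().rstrip(".")
    if base.startswith("*."):
        base = base[2:]
    return "_acme-challenge." + base


def parse_dig_txt(output):
    """Turn `dig +short TXT` output into a set of TXT values.

    Each TXT answer is one line of quoted strings; a long value may be split
    into several strings ("abc" "def"), which are concatenated. Unquoted
    lines (for example a CNAME target printed before the TXT) are skipped.
    """
    values = set()
    for line in output.splitlines():
        line = line.strip()
        if line.startswith('"'):
            values.add("".join(shlex.split(line)))
    return values


def dig_txt(name, nameserver):
    """Query one authoritative nameserver directly, bypassing resolver caches."""
    result = subprocess.run(
        ["dig", "+short", "TXT", name, "@" + nameserver],
        capture_output=True, text=True, timeout=10, check=False)
    return result.stdout


def wait_for_propagation(identifier, expected, nameservers, query=dig_txt,
                         attempts=20, interval=15, sleep=time.sleep):
    """Return True once every nameserver serves the expected TXT value."""
    name = challenge_record(identifier)
    for attempt in range(attempts):
        pending = [ns for ns in nameservers
                   if expected not in parse_dig_txt(query(name, ns))]
        if not pending:
            return True
        if attempt < attempts - 1:
            sleep(interval)
    return False  # not ready: do not signal the CA to validate yet
```

Checking every authoritative nameserver, rather than a recursive resolver, avoids a false "ready" result when only one server has picked up the new record.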

What's next

Discover certificates to let lifecycle automation locate unmanaged certificates and bring them under automated lifecycle management.