Skip to main content

使用 DNS CNAME DCV 方法

通过 DNS CNAME 记录证明对域的控制权

通过创建包含随机生成令牌的 DNS CNAME 记录来证明对域的控制权。CNAME 记录用于将 token.domain 指向 DigiCert (dcv.digicert.com)。

For information about this DCV method and other DCV methods, see DV TLS certificate domain control validation (DCV) methods.

Acronyms in this article: Domain Name System (DNS), Canonical Name (CNAME), Transport Security Layer (TLS)

使用 DNS CNAME DCV 方法证明对域的控制权

  1. 在您的 CertCentral 帐户的左侧主菜单中,转到证书 > 订单

    1. In the left main menu, go to Certificates > Orders.

    2. On the Orders page, in the Order # column, select the certificate's order number link.

    3. For CertCentral Subscription accounts, the steps to access the Order # detail page are different.

      1. In the left menu, go to My Digital Trust Products > Certificates.

      2. On the Certificates page, in the Order # column, select the certificate's order number link.

  2. 订单编号详细信息页面的订单状态部分,检查订单的验证状态(订单是否在等待完成域验证?)。

    When validation is done, the Certificate status section no longer appears on the Order # details page.

  3. 您需要的操作下,选择证明对域的控制权链接。

  4. 证明对域的控制权窗口的域控制验证 (DCV) 方法下拉列表中,选择 DNS CNAME 记录

  5. 证明对域的控制权窗口的域控制验证 (DCV) 方法下拉列表中,选择 DNS CNAME 记录

    The random value expires in 30 days.

  6. 创建 CNAME 记录

    1. Go to your DNS provider’s site and create a new CNAME record.

      For more detailed instructions for creating or updating a DNS TXT record, try the following resources:

      • Your DNS provider's documentation.

      • DigiCert knowledge base for articles like this one: Create a CNAME Record.

    2. In the hostname field (or equivalent), enter _dnsauth.

    3. In the record type field (or equivalent), select CNAME.

    4. In the target host field (or equivalent), enter [random_value].dcv.digicert.com to point the CNAME record to dcv.digicert.com.

    5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

    6. Save the record.

    重要

    On October 28, 2025, DigiCert ended support for the [random_value] prefix DNS CNAME record configuration. To learn more about this change, see the October 28 change log entry.

  7. 验证 CNAME 记录

    1. 在您的 CertCentral 帐户中,转到证书的订单编号详细信息页面。

      1. 在左侧主菜单中,转到证书 > 订单

      2. 订单页面的订单编号列,选择证书的订单编号链接。

      For CertCentral Subscription accounts:

      1. In the left menu, go to My Digital Trust Products > Certificates.

      2. On the Certificates page, in the Order # column, select the certificate's order number link.

    2. 订单详情页面的订单状态部分的您需要执行的操作下,单击证明对域的控制权链接。

    3. 证明对域的控制权窗口中的 2.检查令牌下,选择检查

本节内容如下: