Add and validate a domain using email to DNS CAA record contact
Add a domain to CertCentral and validate it by sending a DigiCert authorization email to the address specified in the domain's DNS CAA record.
Before you begin
Complete the one-time CertCentral Settings configuration for this method. See Validate domains using email validation methods.
You must have access and permission to modify the domain's DNS records.
At least one organization must exist in your CertCentral account before adding a domain. See Add an organization to CertCentral.
You must be an administrator to update CertCentral account preferences.
Step I: Set up the DNS CAA record contact
Add a contact email to the domain's CAA record with no additional padding or structure:
yourdomain CAA 0 contactemail "admin@yourdomain.com"
Notice
The Org/Tech/Admin contacts from DNS TXT option applies to both the DNS TXT record contact and the DNS CAA record contact methods.
Step II: Add the domain and submit for validation
In the CertCentral main menu:
For Enterprise, Partner, or Legacy accounts: go to Certificates > Domains.
For Subscription accounts: go to Validation > Domains.
On the Domains page, select New Domain.
On the New Domain page, under Domain Details, enter the following:
Domain Name: Enter the domain you want to validate.
Organization: Select the organization to assign the domain to.
Under Domain control validation (DCV) method, select Verification Email.
In the DCV Email Language menu, select the language for the confirmation email.
Select Choose address and in the Choose address window, select the email addresses you want the confirmation email sent to.
Select Submit for validation.
DigiCert sends the verification email from no-reply@digitalcertvalidation.com to the addresses you selected. The domain is validated when the email recipient selects the link in the email and follows the instructions on the domain approval page.
Common configuration issues
No CAA record exists for the domain. Confirm the CAA record is configured before submitting.
The CAA record does not contain a valid contact email address. The contactemail field must contain a valid, monitored email address.
The contact email address is not monitored. Use a distribution list to ensure the message is not missed.
Email security tools quarantine the authorization message. Add digitalcertvalidation.com to your allowlist.
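A pre-submission check for the first two issues above, as an added example that is not DigiCert's own code: it parses CAA records in the text form that `dig +short CAA yourdomain` prints (or that a zone file holds) and reports whether a usable contactemail value exists. The function names, the sample records, and the strictness of the email pattern are assumptions of this example.

```python
import re
import shlex

# Strict on purpose: the value must be the bare address, with no padding or
# extra structure (no "mailto:", no display name, no surrounding spaces).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def parse_caa(line):
    """Parse one CAA record; return (flags, tag, value) or None.

    Accepts `dig +short` output (0 contactemail "a@b.c") and a full
    zone-file line (name [ttl] [IN] CAA 0 contactemail "a@b.c").
    """
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes
        return None
    upper = [t.upper() for t in tokens]
    if "CAA" in upper:
        tokens = tokens[upper.index("CAA") + 1:]
    if len(tokens) != 3 or not tokens[0].isdigit():
        return None
    return int(tokens[0]), tokens[1].lower(), tokens[2]  # tags are case-insensitive

def check_contactemail(caa_lines):
    """Return (usable_addresses, problems) for a domain's CAA record set."""
    records = [r for r in map(parse_caa, caa_lines) if r]
    if not records:
        return [], ["no CAA record exists for the domain"]
    values = [v for _, tag, v in records if tag == "contactemail"]
    if not values:
        return [], ["CAA records exist but none has a contactemail property"]
    good = [v for v in values if EMAIL_RE.fullmatch(v)]
    bad = [f"not a bare email address: {v!r}" for v in values if v not in good]
    return good, bad

# Constructed sample records (not taken from a real zone).
SAMPLE = [
    'yourdomain.com. 3600 IN CAA 0 issue "ca.example"',
    'yourdomain.com. 3600 IN CAA 0 contactemail "admin@yourdomain.com"',
    '0 contactemail "mailto:admin@yourdomain.com"',
    '0 contactemail " admin@yourdomain.com "',
]

if __name__ == "__main__":
    good, problems = check_contactemail(SAMPLE)
    print("usable:", good)
    for p in problems:
        print("problem:", p)
```

The remaining two issues (an unmonitored mailbox and a quarantined message) are not visible in DNS and still need a manual check.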
What's next
Add and validate a domain using constructed email addresses if your domain has standard administrative email aliases configured.