CNAME
If you use Digicert as your Certificate Authority (CA), you can complete DCV with a special CNAME record.Limitations
Based on your chosen Certificate Authority, you may not be able to use CNAME verification with advanced certificates .
Selecting Let’s Encrypt as a CA limits a certificate to a TXT Certificate validation method, 90 days for the Certificate Validity Period, two host entries (one for the zone name and one for the subdomain wildcard of the zone name, such as example.com and *.example.com).
If using the API to order your certificate, this action also defaults cloudflare_branding to false.
Setup
Specify DCV method
If you want to use a Universal SSL certificate
, you will need to edit the validation_method via the API and specify your chosen validation method.
Alternatively, you could order an advanced certificate via the API.
In either case, you would need to set a "validation_method":"cname" parameter.
View DCV values
Once you specify your chosen validation method, you can access the validation values by:
- Going to SSL/TLS > Edge Certificates in the dashboard and clicking a certificate.
- Getting certificate details via the API, and finding the
validation_methodandvalidation_records.
Specifically, you should be looking for the cname and cname_target (you can also see these values in the dashboard by clicking that specific hostname certificate). Then, use these values to add a CNAME record at your authoritative DNS provider.
Complete DCV
Once you update your DNS records, you can either wait for the next retry or request an immediate recheck.
To request an immediate recheck, send another PATCH request with the same validation_method as your current validation method.
Renew DCV tokens
If possible, DCV tokens for proxied hostnames are always renewed via HTTP .
However, some certificates — for example, if you are using wildcard certificates or certificates with multiple SANs or your hostname is not proxied — are not eligible for HTTP validation.
If your certificate is not eligible for HTTP validation, you will need to repeat the DCV process with your chosen method.