Cloudflare Docs

TXT DCV method

TXT record validation requires the creation of a TXT record in the hostname’s authoritative DNS.

Limitations

If your domain is already active with a partial DNS setup — with Cloudflare or another DNS provider — you cannot use a TXT record for DCV. That domain’s TXT record needs to be reserved for forwarding traffic to Cloudflare.

Setup

Specify DCV method

If you want to use a Universal SSL certificate, you will need to edit the validation_method via the API and specify your chosen validation method.

Alternatively, you could order an advanced certificate via the dashboard or the API.

View DCV values

Once you specify your chosen validation method, you can access the validation values by:

Once you locate your certificate, find the following values:

  • API: txt_name and txt_value
  • Dashboard: Certificate validation TXT name and Certificate validation TXT value

Update DNS records

At your authoritative DNS provider, create a TXT record whose name is the txt_name value and whose content is the txt_value. Once this TXT record is in place, validation and certificate issuance will automatically complete.

Complete DCV

Once you update your DNS records, you can either wait for the next retry or request an immediate recheck.

To request an immediate recheck, send another PATCH request with the same validation_method as your current validation method.
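Before you request the recheck, you can confirm that every authoritative nameserver already serves the TXT record. The following is an added example, not Cloudflare's code: the function names, nameserver names and token are constructed, and it assumes `dig` is installed and the token is plain ASCII.

```python
import shlex
import subprocess


def txt_strings(rdata_line):
    """Join the quoted character-strings of one TXT answer printed by `dig +short`."""
    # A TXT record may be split into several quoted strings ("part1" "part2");
    # the record's value is their concatenation.
    try:
        return "".join(shlex.split(rdata_line))
    except ValueError:  # unbalanced quote: not a well-formed TXT answer line
        return None


def dcv_record_present(dig_output, txt_value):
    """True only if some TXT record equals txt_value exactly (no substring match)."""
    records = [txt_strings(line) for line in dig_output.splitlines() if line.strip()]
    return txt_value in records


def query_txt(txt_name, nameserver):
    """Ask one authoritative nameserver directly, so resolver caches are bypassed."""
    cmd = ["dig", "+short", "+norecurse", "TXT", txt_name, "@" + nameserver]
    result = subprocess.run(cmd, capture_output=True, text=True, timeout=10, check=True)
    return result.stdout


def ready_for_recheck(txt_name, txt_value, nameservers, query=query_txt):
    """Per-nameserver status; request the recheck only when every value is True."""
    return {ns: dcv_record_present(query(txt_name, ns), txt_value) for ns in nameservers}


# Constructed sample: an unrelated SPF record plus a DCV token split in two strings.
SAMPLE_DIG_OUTPUT = '"v=spf1 -all"\n"ca3-constructed" "tokenpart2"\n'

if __name__ == "__main__":
    # Offline demo with a stub query; ns2 has not picked up the record yet.
    answers = {"ns1.example.net": SAMPLE_DIG_OUTPUT, "ns2.example.net": ""}
    status = ready_for_recheck(
        "_acme-challenge.example.com",      # stands in for txt_name (constructed)
        "ca3-constructedtokenpart2",        # stands in for txt_value (constructed)
        list(answers),
        query=lambda name, ns: answers[ns],
    )
    print(status, "-> recheck" if all(status.values()) else "-> wait")
```

With the default `query_txt`, pass the nameservers listed in the zone's NS records so that each one is checked directly.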

Renew DCV tokens

If possible, DCV tokens for proxied hostnames are always renewed via HTTP.

However, some certificates — for example, if you are using wildcard certificates or certificates with multiple SANs or your hostname is not proxied — are not eligible for HTTP validation.

If your certificate is not eligible for HTTP validation, you will need to repeat the DCV process with your chosen method.