For some orders you can make a DNS entry to complete domain control validation. If the order is not validating the following steps can help identify the issue.Check if the domain is using a CNAME
If the domain you are trying to validate is using a CNAME (other than the validation CNAME) then DNS validation can not be complete. This could be the base domain, the www record or any sub-domain included within the certificate. You can either remove the CNAME or amend it to an A record until the validation is completed.Check the DNS record is live
You can verify the DNS record is live using www.dnsstuff.com/tools
and selecting DNS Lookup. Enter the domain record and Choose TXT for record type if validation a RapidSSL, Geotrust, Thawte or Symantec order or CNAME for Comodo orders.Check the record is on the correct sub-domain
The DNS record should always be placed on the base domain not any sub-domain records.Check the record has not expired
The string provided to add to DNS is only valid for 7 days. If the DNS string was added 7 days after it was generated or the validation has not completed after 7 days then the string will have expired and a new one will need to be generated. At this time you will need to cancel the order and restart a new order to achieve this.