Troubleshooting DNS Domain Control Validation Issues

For some orders you can make a DNS entry to complete domain control validation. If the order is not validating the following steps can help identify the issue.

Check if the domain is using a CNAME
If the domain you are trying to validate is using a CNAME (other than the validation CNAME) then DNS validation can not be complete. This could be the base domain, the www record or any sub-domain included within the certificate. You can either remove the CNAME or amend it to an A record until the validation is completed.

Check the DNS record is live
You can verify the DNS record is live using and selecting DNS Lookup. Enter the domain record and Choose TXT for record type if validation a RapidSSL, Geotrust, Thawte or Symantec order or CNAME for Comodo orders.

Check the record is on the correct sub-domain
The DNS record should always be placed on the base domain not any sub-domain records.

Check the record has not expired
The string provided to add to DNS is only valid for 7 days. If the DNS string was added 7 days after it was generated or the validation has not completed after 7 days then the string will have expired and a new one will need to be generated. At this time you will need to cancel the order and restart a new order to achieve this.

Related Articles