
CNAME Based Validation

CNAME DNS validation proves that you control the domain name for which you are requesting the SSL certificate.

To complete domain validation, add a unique CNAME record to your DNS configuration.

The example below uses GoDaddy DNS.

 

Log in to your GoDaddy portal and access Domain Settings.

----------------------------------------------------------------------------------------------------------

Click Manage DNS

----------------------------------------------------------------------------------------------------------

Then, click ADD

 ----------------------------------------------------------------------------------------------------------

Select CNAME in the drop-down

----------------------------------------------------------------------------------------------------------

If your CSR hashes are:

MD5          571DDFFF2C65E97CF181FE7567953E2C
SHA256    86C402D4044F1EC9D638DF0735A4C21FC7AB6B0408D1B5

Sample CNAME with your CSR Hashes
_571DDFFF2C65E97CF181FE7567953E2C.thessllock.com.
86C402D4044F1EC9D638DF0.735A4C21FC7AB6B0408D1B5.sectigo.com.

Copy and paste the value below into the Host field

_571DDFFF2C65E97CF181FE7567953E2C.thessllock.com.

Copy and paste the value below into the Points to field

86C402D4044F1EC9D638DF0.735A4C21FC7AB6B0408D1B5.sectigo.com.

Click Save

 

Sometimes your CSR hashes will include an additional field called uniqueValue, as below:

MD5  44209B1F7CD578B245E3A6F462DFADD4
SHA256  DE92A59F37314172F347127AD66A23A264E1D8A2026F
uniqueValue  aHXEOOEh

Sample CNAME with your CSR Hashes
_44209B1F7CD578B245E3A6F462DFADD4.thessllock.com.
DE92A59F37314172F34712.7AD66A23A264E1D8A2026F.aHXEOOEh.sectigo.com.

Copy and paste the value below into the Host field

_44209B1F7CD578B245E3A6F462DFADD4.thessllock.com.

In this case, the Points to field should be entered as below

DE92A59F37314172F34712.7AD66A23A264E1D8A2026F.aHXEOOEh.sectigo.com.

 

Note: The “.” after “.com” should also be included, but depending on the web hosting company it may not be required.

The presence of this CNAME DNS record is checked, and if found, domain control is proven.
**PLEASE: When copy-pasting the hashes, make sure “NO SPACES” (blank spaces before or after the hashes) are included.**
When creating the DNS CNAME record at your web-hosting company, there will be 3 entries:

  1. The “Hostname”, which corresponds to the first hash [MD5]: “_.HASH_DOMAIN.COM.”
  2. The “Alias to or directed to”, which corresponds to the second hash [SHA256]: “<SHA-256 hash>.[<uniqueValue>.]comodoca.com”
  3. The Time to live [TTL], which you need to leave at the default value set by the web-hosting company.
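
The record layout from the samples above, as an added Python example (not code from the original page or from the CA): it builds the Host and Points to values from the CSR hashes and checks a pasted value for stray spaces. The function names are hypothetical, and splitting the SHA256 value into two equal halves and the default sectigo.com suffix are assumptions taken from the page's samples.

```python
import re

def build_cname(md5, sha256, domain, unique_value=None, ca_suffix="sectigo.com"):
    """Return (host, points_to) laid out like the page's samples (hypothetical helper)."""
    md5, sha256 = md5.strip().upper(), sha256.strip().upper()
    for name, value in (("MD5", md5), ("SHA256", sha256)):
        if not re.fullmatch(r"[0-9A-F]+", value):
            raise ValueError(f"{name} hash must be hex with no spaces: {value!r}")
    # Assumption from the samples: the SHA256 value is split into two equal labels.
    half = len(sha256) // 2
    labels = [sha256[:half], sha256[half:]]
    if unique_value:
        labels.append(unique_value.strip())  # optional uniqueValue label
    labels.append(ca_suffix.strip("."))
    host = f"_{md5}.{domain.strip().strip('.')}."
    return host, ".".join(labels) + "."

def check_entry(entered, expected):
    """List the problems with a value pasted into a DNS form field."""
    problems = []
    if entered != entered.strip():
        problems.append("leading or trailing whitespace")
    if re.search(r"\s", entered.strip()):
        problems.append("whitespace inside the value")
    # DNS names are case-insensitive and some hosts drop the trailing dot.
    def canon(s):
        return re.sub(r"\s+", "", s).rstrip(".").lower()
    if canon(entered) != canon(expected):
        problems.append("does not match the expected record")
    return problems

if __name__ == "__main__":
    # Hash values copied from the page's first sample.
    host, target = build_cname("571DDFFF2C65E97CF181FE7567953E2C",
                               "86C402D4044F1EC9D638DF0735A4C21FC7AB6B0408D1B5",
                               "thessllock.com")
    print(host, "CNAME", target)
    # Constructed bad paste: a space slipped in before the final dot.
    print(check_entry(target[:-1] + " .", target))
```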