
SSL Domain Verification with DNS

Hello,

 

I recently renewed a wildcard cert with GoDaddy and they need me to verify domain ownership (since it's not hosted with GoDaddy). Fine, no problem, I've done this lots in the past with other certificates, however this time it wants me to create an "@ TXT" DNS record with the Unique ID for verification -- The problem, our "@ TXT" DNS record is our SPF record, and I'm not removing our SPF record to validate domain ownership.

 

In the past we have used a "DZC TXT" entry, but now we are told to create an "@ TXT" entry. Why has this changed? Do they not realize people use "@ TXT" for SPF records?

 

I tried adding the Unique ID as a DZC record, but validation is still failing. Any ideas?

 

Thanks.


Re: SSL Domain Verification with DNS

Are you not able to add another one?

~Jan Mykhail Hasselbring Web Administrator @ fullstackwebsolution.com
Solution

Re: SSL Domain Verification with DNS

No. The @ symbol references the root domain, so @ TXT is the default TXT record for the root domain. SPF records are now kept in this entry since the SPF DNS record was deprecated. Multiples of this can't exist, which is probably why they used DZC in the past.

 

In the end I just changed the @ record to the Unique ID, waited for the system to verify the record, then changed it back to my SPF record. Really kind of annoying that they changed this.

Re: SSL Domain Verification with DNS

You can make as many "@ TXT" records as you want, I do it all the time. For example, domain verification when provisioning Office 365.

 

For TXT records, @ is used most of the time, even when multiple TXT records are present. You do not need to remove your SPF record, go ahead and create the additional TXT record!

 

Once the domain is verified, you can remove it.


Re: SSL Domain Verification with DNS

@silentreproach,

 

Exactly... But you know, some people would rather do things the hard way.

~Jan Mykhail Hasselbring Web Administrator @ fullstackwebsolution.com

Re: SSL Domain Verification with DNS

The original poster did not specify exactly how s/he is maintaining DNS records; however, I stumbled across this thread since I ran into a similar issue. We use AWS' Route 53 service to maintain our DNS records and using that service you cannot create as many "@ TXT" records as you'd like - at least not in a way that is obvious to novices like myself. At least for me, I did not have to delete the SPF info from my existing "@ TXT" record but rather was able to add the "Unique ID" on a separate line in the value field for the existing "@ TXT" record in the Route 53 console interface. In the console view this ends up looking like a single "@ TXT" record with multiple values which is perhaps the same thing as other posters have referenced as multiple "@ TXT" records? In any case, this allowed the GoDaddy domain verification to succeed.
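Added example, not part of the original thread or any poster's code: a Python check that an apex TXT record set carries the CA's verification token alongside exactly one SPF record (RFC 7208 treats several `v=spf1` records as a permanent error), plus the single multi-value record set that Route 53 stores for this. The domain, SPF policy, token and function names are constructed for illustration.

```python
import re

# Constructed sample: `dig +short TXT example.com` output for an apex that
# carries an SPF policy and a CA verification token side by side.
SAMPLE_DIG_OUTPUT = '''\
"v=spf1 include:_spf.example.net ~all"
"constructed-unique-id-0123456789"
'''

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_txt_rrset(dig_output):
    """Return one string per TXT record, joining split character-strings."""
    records = []
    for line in dig_output.splitlines():
        chunks = _QUOTED.findall(line)
        if chunks:
            records.append("".join(chunks))
    return records


def check_apex_txt(records, token):
    """Report whether the token is published and the SPF policy is intact."""
    spf = [r for r in records
           if r.lower() == "v=spf1" or r.lower().startswith("v=spf1 ")]
    return {
        "token_present": token in records,
        "spf_count": len(spf),
        # RFC 7208: exactly one v=spf1 record must exist at the name
        # (none -> no policy, several -> permerror).
        "spf_ok": len(spf) == 1,
    }


def route53_rrset(name, records, ttl=300):
    """Build one multi-value TXT record set in Route 53's change format.

    Values longer than 255 characters would need splitting into several
    quoted strings; that case is not handled here.
    """
    return {"Name": name, "Type": "TXT", "TTL": ttl,
            "ResourceRecords": [{"Value": '"%s"' % r} for r in records]}


if __name__ == "__main__":
    txt = parse_txt_rrset(SAMPLE_DIG_OUTPUT)
    print(check_apex_txt(txt, "constructed-unique-id-0123456789"))
    print(route53_rrset("example.com.", txt))
```

Running the check again after the temporary token is removed confirms the SPF record was left untouched.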

Re: SSL Domain Verification with DNS

Thanks for this: saved me having to think for myself. ;)

Wildcard Certificate DNS Verification

Hello-

I am having issues verifying a wildcard certificate via DNS. I have added the appropriate TXT record but it is still not working. I tried just @domain.com and dzc.domain.com. Is there something different that needs to be done with wildcard certificates?

Re: Wildcard Certificate DNS Verification

Not all DNS Managers allow entering a name "@" for a TXT record. Ex. Linode's DNS Manager does not allow you to add "@" for TXT records, and you have to leave the name field blank. You might want to try that -- I did and it works.

Dossier, an app to organize customer conversations
https://www.dossier.work

Re: Wildcard Certificate DNS Verification

Hi,

 

I am unable to use "@" or leave it blank - do you know what I should use for the name (host) field instead? The domain name doesn't seem to be working. 

 

Thanks

Vic

 

 

Re: SSL Domain Verification with DNS

You just saved me so much time