Certificate Management Service: FAQ about verification of domain name ownership

Last Updated: Feb 22, 2024

What do I do if no DNS record value is found?

Domain name verification that you perform in the Certificate Management Service console is subject to latency. If domain name verification still fails after 1 hour, check whether the Domain Name System (DNS) record is configured as required. For more information about how to perform domain name verification, see Verify the ownership of a domain name.

Note

For more information about the time when DNS settings take effect, see FAQ about the time when DNS settings take effect.

What do I do if Host Record does not match Record Value in a record?

You can perform the following operations to delete the record on the DNS server and add a new record to the DNS records of the domain name.

  1. In the Apply for Certificate panel, click View Detected DNS Record.

  2. In the dialog box that appears, view Detected DNS Record and DNS Record to Add.

  3. Log on to the DNS server and delete the value of Detected DNS Record.

    The following example demonstrates how to delete a record value in the Alibaba Cloud DNS console.

    1. Log on to the DNS console.

    2. On the Domain Name Resolution page, find and click the domain name that is bound to the certificate.

    3. On the DNS Settings page, find the record value that you want to delete and click Delete in the Actions column.

  4. On the DNS Settings page, add a new record to the DNS records of the domain name. In this case, you must use the value of DNS Record to Add. You can add a record based on the example provided for the manual DNS verification method. For more information, see Manual DNS verification.
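
One way to compare what public DNS returns with the value of DNS Record to Add before you retry verification, covering both the "no DNS record value is found" and the mismatch case. This is an added example, not part of the original documentation. It assumes the verification record is a TXT record and that you captured the output of `dig +short TXT <host record>.<domain>`; the function names and record values are constructed.

```python
import shlex

def txt_values(dig_short_output):
    """Parse `dig +short TXT <name>` output into a list of TXT values.

    Each line is one record made of one or more quoted strings; the
    strings of one record are concatenated with no separator.
    """
    values = []
    for line in dig_short_output.splitlines():
        line = line.strip()
        if line and not line.startswith(";"):   # skip blanks and dig comments
            values.append("".join(shlex.split(line)))
    return values

def compare_with_record_to_add(record_to_add, dig_short_output):
    """Classify the lookup result using the cases this FAQ describes."""
    wanted = record_to_add.strip().strip('"')
    detected = txt_values(dig_short_output)
    others = [v for v in detected if v != wanted]
    if wanted in detected:
        status = "match"
    elif detected:
        status = "mismatch"        # delete the stale value, add the new one
    else:
        status = "not_found"       # record missing or not yet propagated
    # `others` can include unrelated TXT records (SPF, for example) that
    # share the name; only the stale verification value should be deleted.
    return {"status": status, "other_values": others}

# Constructed sample data, not real verification tokens.
RECORD_TO_ADD = "2024constructedtokenAAAA"
STALE_OUTPUT = '"2023constructedtokenBBBB"\n'
SPLIT_OUTPUT = '"2024constructed" "tokenAAAA"\n"v=spf1 -all"\n'

if __name__ == "__main__":
    for sample in ("", STALE_OUTPUT, SPLIT_OUTPUT):
        print(compare_with_record_to_add(RECORD_TO_ADD, sample))
```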

What do I do if the domain name verification process times out?

You can perform the following operations to troubleshoot the issue:

  • Check whether an exception occurs in the network of the DNS server. If an exception occurs in the network, fix the exception and perform the domain name verification again.

  • Check whether the domain name can be resolved. You can contact your DNS service provider to check whether the domain name can be resolved.

  • Check whether the Internet Content Provider (ICP) filing and real-name verification of the domain name are complete. If the ICP filing or real-name verification is not complete, complete the ICP filing and real-name verification of the domain name and perform the domain name verification again.

What do I do if the file verification process times out?

You can perform the following operations to troubleshoot the issue:

  • Check whether an exception occurs in the network of the DNS server. If an exception occurs in the network, fix the exception and perform the domain name verification again.

  • Check whether port 80 or 443 is enabled on the DNS server. If port 80 or 443 is disabled on the DNS server, enable port 80 or 443 on the DNS server and perform the domain name verification again.

    Important

    If you use the file verification method, you must enable port 80 or 443 on your DNS server. If port 80 or 443 cannot be enabled on your DNS server, you must use the manual DNS verification method. In the Apply for Certificate panel, click Cancel Application and change the value of Domain Verification Method to Manual DNS Verification.

  • If you apply for a certificate of a brand other than Chinese brands, such as DigiCert and GlobalSign, make sure that your DNS server can be accessed from outside the Chinese mainland. We recommend that you temporarily add the IP address of the certificate authority (CA) to the whitelist of the DNS server to allow the CA to access your DNS server and complete domain name verification. For more information about how to obtain the IP address of a CA, contact your account manager.

    Note

    After the certificate is issued, we recommend that you remove the IP address of the CA from the whitelist to prevent unknown issues from occurring when you apply for another certificate.

What do I do if no file is found?

  • Scenario 1: You did not upload the verification file to the verification directory of your DNS server. For more information, see File verification.

  • Scenario 2: You uploaded the verification file to the verification directory of your DNS server, and the verification file can be accessed by using the URLs shown for HTTPS Address and HTTP Address. However, the console still displays the "No file found." message due to latency.

What do I do if the file content is invalid?

You can perform the following operations to troubleshoot the issue:

  1. In the Apply for Certificate panel, click View Detected File and record the information about the detected file.

  2. Log on to your DNS server and delete the detected file.

    In most cases, the detected file is stored in the /.well-known/pki-validation directory under the web root directory.

  3. Download the verification file and re-upload the file to the DNS server. For more information, see File verification.
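
A self-check for the three file verification failures described above (timeout, no file found, invalid content), run from a machine outside your own network before you retry. This is an added example, not part of the original documentation. The function names, file name and file content are hypothetical placeholders; take the real file name and content from the verification file you downloaded.

```python
import urllib.error
import urllib.request

VALIDATION_DIR = "/.well-known/pki-validation/"   # directory named in this FAQ

def check_validation_url(base_url, file_name, expected_content, timeout=10):
    """Fetch the verification file and map the outcome to the FAQ's cases.

    base_url is a scheme plus host, such as "http://example.com".
    file_name and expected_content come from the downloaded verification
    file; both are caller-supplied (this helper is hypothetical).
    """
    url = base_url.rstrip("/") + VALIDATION_DIR + file_name
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536)            # verification files are small
    except urllib.error.HTTPError as exc:      # server answered with an error
        return "no_file_found" if exc.code == 404 else "http_error_%d" % exc.code
    except OSError:                            # refused, timed out, TLS failure
        return "timeout_or_unreachable"
    expected = expected_content.encode()
    if body == expected:
        return "ok"
    if body.strip() == expected.strip():
        return "whitespace_differs"            # re-upload the file unmodified
    return "content_invalid"                   # stale or edited file

def check_both_schemes(domain, file_name, expected_content, timeout=10):
    """Run the check against the HTTP and HTTPS addresses of the domain."""
    return {
        scheme: check_validation_url("%s://%s" % (scheme, domain),
                                     file_name, expected_content, timeout)
        for scheme in ("http", "https")
    }

if __name__ == "__main__":
    # Placeholder domain, file name and content; replace with your own values.
    print(check_both_schemes("example.com", "verification-file.txt",
                             "constructed-file-content"))
```

A result of "timeout_or_unreachable" on both schemes points at the port 80/443 and network checks; "content_invalid" points at a stale file that must be deleted and re-uploaded.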