This DCV method applies only to Sectigo and PositiveSSL orders.
It's the responsibility of the Certification Authority (CA) to verify that the entity requesting a cert (you) has the right to use the domains in the cert. One way to prove this is by adding a DNS CNAME record. Ordinarily, A Canonical Name (abbreviated as CNAME) record maps one domain name to another but it can also be used by CAs as a way to verify that you have domain control.
Domain Control Validation (DCV) by DNS CNAME requires the creation of a unique CNAME record that points back to Sectigo.
_8DA14D435F7042B71E212832EBFFD76B(these are example values only, yours will be different)
Now that you have added a new CNAME record it's time to do a DNS lookup. Use can use What's My DNS to verity that your new CNAME record has propagated. Depending on the TTL value it may take some time to show up.
You'll need to check for a CNAME record at the full FQDN:
_8DA14D435F7042B71E212832EBFFD76B.geocerts.net (yours will be different)
Sectigo will automatically begin scans of your DNS records immediately after you enroll for an SSL certificate. If Sectigo does not find the required CNAME record their system will continue to check periodically until it receives the correct response.
Please contact our support team if you have any additional problems or questions.