With this DCV method, you prove domain control by adding a hash string token as a TXT record to the domain's DNS namespace. The CA periodically checks your domain's DNS looking for the correct token.
Add a DNS TXT record to your domain. Below is an example of AWS Route 53 DNS.
Tip: If you are not able to add the token value to your base domain's DNS record because it already has a TXT record you can create a new TXT record and enter _dnsauth (include the leading underscore) as the host value rather than leaving it blank. The CA will look for the token at example.com and _dnsauth.example.com.
Check your live DNS record for propagation.
Use Google Admin Toolbox Dig to test your new DNS TXT record. If you don't see the token value, either the token is not set up correctly, or the record has not propagated yet. Note the TTL and check again later.
Tip: Use can also use What's My DNS to verify that your new TXT record has propagated globally. Depending on the TTL value it may take some time to show up.
You choose the initial DCV method when placing an SSL/TLS order. You can change the current DCV method - for example, from Email Verification to DNS CNAME - by clicking the button for any domain on the order that is not approved.
Please contact our support team if you have any additional problems or questions.