After you submit a certificate application, the certificate authority (CA) verifies the ownership of your domain name and the information in your certificate application. After the certificate application is approved, the CA issues the certificate. The time that is required to issue a certificate varies based on the certificate type. This topic describes the required issuance durations for different types of certificates and how to troubleshoot the issue that a certificate is not issued after a long period of time.
Certificate issuance durations
Certificate type | Issuance duration |
Domain validated (DV) certificate | After you submit a certificate application for a DV certificate, the CA completes review and issuance within 1 to 2 business days if the specified information is correct. Note If a DV certificate is not issued after a long period of time, check whether the Domain Name System (DNS) record is valid. |
Organization validated (OV) or extended validation (EV) certificate | After you submit a certificate application, the CA completes review and issuance within 3 to 7 business days if the specified information is correct and you cooperate with the CA staff during the verification process. Important After you submit a certificate application for an OV or EV certificate, the CA staff calls the mobile phone number that you specify or sends a verification email to the email address that you specify in the certificate application within 1 business day. The time varies based on the location of the CA. Statutory holidays are excluded. We recommend that you answer the phone call or confirm the email from the CA at the earliest opportunity. If you do not receive a phone call or email, contact your account manager. |
If your domain name contains sensitive keywords, such as bank, pay, or live, manual verification may be triggered. The manual verification process may require a long period of time. Wait until the certificate is issued.
View the verification result of domain name ownership
A CA issues a certificate only after the verification of domain name ownership is successful. If the verification fails, you must modify the DNS record of the domain name in a timely manner and submit a certificate application again to pass the domain name verification.
DNS verification (automatic DNS verification or manual DNS verification)
Method 1: View the verification result of domain name ownership in the Certificate Management Service console.
Log on to the Certificate Management Service console.
- In the left-side navigation pane, click SSL Certificates.
In the certificate list, find the required certificate and click Verify in the Actions column.
The following table describes the verification failures that may occur.
Failure
Solution
No DNS record is found.
A mismatch is found in the DNS record.
What do I do if Host Record does not match Record Value in a record?
DNS verification times out.
What do I do if the automatic DNS verification process or manual DNS verification process times out?
Method 2: Run a command on your server to view the verification result of domain name ownership.
Log on to your server.
Run the
dig <DNS record type>
command to view the verification result or run thedig <DNS record type> @8.8.8.8
command to use Google Public DNS to query the DNS record. Example:dig txt demo.aliyundoc.com @8.8.8.8
If the value of the TXT record is returned in the command output and the value is the same as the value of the Record Value parameter that is configured in the Verify Information step of the Apply for Certificate panel in the Certificate Management Service console, the configuration of your DNS record is valid and in effect. If the values are different, you must change the value of the TXT record in the system of your DNS provider to the value of the Record Value parameter.
If the value of the TXT record is not returned in the command output, the configuration of your DNS record may be invalid or fail to take effect. If the configuration of your DNS record is invalid, change the value of the TXT record in the system of your DNS provider to the value of the Record Value parameter. If the configuration fails to take effect after a long period of time, contact your DNS provider.
NoteYou can run the
yum -y install bind-utils
command to install dig on Linux.
File verification
Log on to the Certificate Management Service console. In the certificate list, find the required certificate and click Verify in the Actions column. In the Apply for Certificate panel, click Verify to view the verification result.
The following table describes the verification failures that may occur.
Failure | Solution |
File verification times out. | |
No file is found. | |
File content is invalid. | |
Other | The verification result may also be affected by verification URL addresses.
|