Certificate Management Service:FAQ about verification of domain name ownership

What do I do if no DNS record value is found?

If you perform domain name ownership verification in the Certificate Management Service console, latency exists. If domain name ownership verification still fails after 1 hour, check whether the Domain Name System (DNS) record is configured as required. For more information about how to perform domain name ownership verification, see Verify the ownership of a domain name.

What do I do if Host Record does not match Record Value in a record?

You can perform the following operations to delete the record on the DNS server and add a new record to the DNS records of the domain name.

1. In the Apply for Certificate panel, click View Record Value.

2. On the Network Detect Tool tab, click OK.

   

3. On the Detailed Results tab, check whether the value displayed in the Analysis Result column is the same as the value of the Record Value parameter in the Apply for Certificate panel.

   

What do I do if the domain name verification process times out?

You can perform the following operations to troubleshoot the issue:

• Check whether an exception occurs in the network of the DNS server. If an exception occurs in the network, fix the exception and perform the domain name verification again.

• Check whether the domain name can be resolved. You can contact your DNS service provider to check whether the domain name can be resolved.

• Check whether the Internet Content Provider (ICP) filing and real-name verification of the domain name are complete. If the ICP filing or real-name verification is not complete, complete the ICP filling and real-name verification of the domain name and perform the domain name verification again.

What do I do if the file verification process times out?

You can perform the following operations to troubleshoot the issue:

• Check whether an exception occurs in the network of the DNS server. If an exception occurs in the network, fix the exception and perform the domain name verification again.

• Check whether port 80 or 443 is enabled on the DNS server. If port 80 or 443 is disabled on the DNS server, enable port 80 or 443 on the DNS server and perform the domain name verification again.

  Important

  If you use the file verification method, you must enable port 80 or 443 on your DNS server. If port 80 or 443 cannot be enabled on your DNS server, you must use the manual DNS verification method. To use the method, go to the Apply for Certificate panel, click Cancel Application, and then change the value of the Domain Verification Method parameter to Manual DNS Verification.

• If you apply for a certificate of a brand other than Chinese brands, such as DigiCert and GlobalSign, make sure that your DNS server can be accessed from regions outside the Chinese mainland. We recommend that you temporarily add the IP address of the certificate authority (CA) to the whitelist of the DNS server to allow the CA to access your DNS server and complete domain name ownership verification. For more information about how to obtain the IP address of a CA, contact your account manager.

  Note

  After the certificate is issued, we recommend that you remove the IP address of the CA from the whitelist to prevent unknown issues from occurring when you apply for another certificate.

What do I do if no file is found?

• Scenario 1: You did not upload the verification file to the verification directory of your DNS server. For more information, see File verification.

• Scenario 2: You uploaded the verification file to the verification directory of your DNS server, and the verification file can be accessed by using the URL specified by the HTTPS Address or HTTP Address parameter. However, the console still displays the No file found message due to latency.

What do I do if the file content is invalid?

You can perform the following operations to troubleshoot the issue:

1. In the Apply for Certificate panel, click View Detected File and record the information about the detected file.

2. Log on to your DNS server and delete the detected file.

   In most cases, the detected file is stored in the Web root directory/.well-known/pki-validation directory.

3. Download the verification file and re-upload the file to the DNS server. For more information, see File verification.