Knowledge Base

Summary 

This guide explains how to diagnose and resolve SSL certificate domain control validation (DCV) failures when using CNAME record validation during SSL issuance through Sectigo. These issues typically occur when DNS are incorrect, causing delays in certificate issuance. 

Symptoms 

You may be experiencing this issue if you notice: 

Cause 

This error is typically caused by: 

Solution 

Follow these steps to resolve the issue: 

1. Verify the CNAME Record 

Check with the host and values provided by Sectigo. Ensure the record matches exactly, including any required trailing dots. 

Use tools like dig, nslookup, or online DNS checkers (e.g., DNSChecker, WhatIsMyDNS) to confirm the record is publicly visible.  

2. Check DNS Propagation 

DNS changes can take up to 24–48 hours to propagate globally. Wait and recheck after this period. If delays persist, contact your DNS provider for assistance. 

3. Validate Unique Value 

If Sectigo provides a unique value for the CNAME record, ensure it is correctly updated in your DNS settings. 

4. Confirm Trailing Dot 

Missing a dot at the end of sectigo.com can cause DNS to append your domain suffix, resulting in an incorrect value. 

Additional Tip 

If CNAME or HTTP validation continues to fail, consider switching to Email-based DCV as an alternative method. 

Related Articles:  How to complete DV using CNAME method? | Sectigo® Official

Tags: