Before a certificate authority (CA) will issue a certificate for a domain, the requester must prove they have control over that domain. This process is known as domain control validation (DCV).
- The hostname is pointing to the SaaS provider.
- The hostname’s traffic is proxying through the Cloudflare network.
If your custom hostnames do not meet these requirements, use another validation method.
Wildcard custom hostnames require TXT-based validation. As the SaaS provider, you have two options for wildcard custom hostname certificate renewals:
If you want to minimize downtime, explore one of the following methods to issue and deploy the certificate before onboarding your customers:
- : Place a one-time record at your authoritative DNS that allows Cloudflare to auto-renew all future certificate orders.
- : Have your customers add a
TXTrecord to their authoritative DNS.
- : Add a
TXTrecord at your origin.