Cloudflare Docs
Visit SSL/TLS on GitHub
Set theme to dark (⇧+D)

Troubleshooting Domain Control Validation

When performing Domain Control Validation (DCV) for partial domains using Universal SSL certificates, you might experience issues with certificate issuance and renewal using HTTP DCV.

If these issues occur while using HTTP DCV, review the following settings:

  • Anything affecting /.well-known/*: Review firewall rules and other configuration rules to make sure no Cloudflare settings are targeting your zone’s path for /.well-known/*.

  • Cloudflare Firewall Rules: Review your firewall rules to ensure that your rules do not enable interactive challenge on the validation URL

  • Cloudflare Account Settings and Page Rules: Review your account settings and Page Rules to ensure you have not enabled I’m Under Attack Mode on the validation URL.

  • Authoritative DNS provider: Check your settings at your authoritative DNS provider to make sure that:

  • The HTTP verification process is done preferably over IPv6, so if any AAAA record exists and does not point to the same dual-stack location as the A record, the validation will fail.