Cloudflare Docs
SSL/TLS
SSL/TLS
Edit this page on GitHub
Set theme to dark (⇧+D)

Changes to HTTP DCV

After October 21, 2021, you will no longer be able to issue new wildcard certificates or validate existing certificates up for renewal using HTTP Domain Control Validation (DCV).

If you are affected by this change, you should have also received an email from Cloudflare.

​​ What is affected?

​​ Advanced certificates

This change affects customers using Advanced certificates for wildcard certificates or certificates with multiple SANs.

If your application uses a full setup or already uses another method of DCV, you do not need to make any changes. Cloudflare will complete TXT DCV on your behalf

If your application uses a partial (CNAME) setup, wildcard certificates, and HTTP DCV validation, you will need to change your DCV method to either TXT or Email.

​​ SSL for SaaS

This change also affects SSL for SaaS customers who use HTTP DCV validation for wildcard certificates.

Update your DCV method to TXT and provide the TXT validation tokens to your customers so they can add it to their DNS.

If you do not make a change, Cloudflare will automatically change your DCV method to TXT and send your customer tokens to you 30 days before the certificates expire.

​​ Why is this change happening?

The Certificate Authority/Browser forum voted against using HTTP-based validation to prove ownership before issuing wildcard certificates. As a result of that decision, DigiCert and other CAs will be implementing the change on November 15, 2021.