RRPproxy Homepage

Validation Method: Comodo DNS

For this validation method you need to create a CNAME record in the DNS settings of your domain.

To order Comodo SSL Certificates using DNS validation please set the respective parameter "AUTHMETHOD = DNS" in "AddCertificate", "RenewCertificate" and "ReissueCertificate" commands. The data necessary for DNS validation will be returned in the response of the respective command:

  • property[fileauth contents][0]: the first line of the file, the SHA-256 hash
  • property[fileauth contents][1]: the second line of the file, the URL of the CA Comodo, comodoca.com
  • property[fileauth contents][2]: the random hash
  • property[fileauth name][0]: the name of the file, the MD5 hash

Command

Command=AddCertificate
AuthMethod=DNS

Response

code = 200
property[certificate][0] = CY2757994
property[fileauth contents][0] = 337c212a87093c4c06731b9c974eb848f29afaeb56f17ecb7ada84773779dca4
property[fileauth contents][1] = comodoca.com
property[fileauth contents][2] = 0466b26ba44e6ba5607a
property[fileauth name][0] = 8C7A3B5362E02F8C0EE6222D42345867.txt
property[status][0] = REQUESTED
property[sub][0] = CY2757994-001
property[sub status][0] = ORDER_REQUESTED

Now perform the following steps to properly set up the file for validation:

  • Create a text file named <uppercase MD5>.txt. Important: the file name containing the MD5 hash must be in uppercase!
  • In the first line of the file write the SHA-256 hash.
  • In the second line, write "comodoca.com" (without quotation marks).
  • In the third line, insert the random hash.
  • Put this file on the webserver in the directory /.well-known/pki-validation/

Example

mail.example.com
MD5 Hash: 47cba4dfbe697765f51230e84f04d091
SHA-256 Hash: 5b06bda4ffe784373d6616ab8fcbef17da4549f0623a25f37e128efb0fbf745d
Random Hash: 1f96729172445e721043

Important:

  • The CNAME record name must begin with a leading underscore "_".
  • The SHA-256 hash must be split with a dot (".") every 32 characters. The random hash must likewise be separated from it by a dot.

The new CNAME record should look as follows:

_47cba4dfbe697765f51230e84f04d091.mail.example.com.  CNAME  5b06bda4ffe784373d6616ab8fcbef17.da4549f0623a25f37e128efb0fbf745d.1f96729172445e721043.comodoca.com.
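
The following Python example is added here and is not RRPproxy code: it parses a response in the property[...] layout shown on this page and derives the CNAME name and target, splitting the SHA-256 hash after 32 characters. The function names and the sample response (constructed from the mail.example.com values above) are assumptions made for illustration.

```python
import re

PROP = re.compile(r"^property\[(.+?)\]\[(\d+)\]\s*=\s*(.*)$")

def parse_response(text):
    """Collect 'property[name][index] = value' lines into {name: [values]}."""
    props = {}
    for line in text.splitlines():
        m = PROP.match(line.strip())
        if m:
            props.setdefault(m.group(1), {})[int(m.group(2))] = m.group(3).strip()
    return {k: [v[i] for i in sorted(v)] for k, v in props.items()}

def build_cname(domain, props):
    """Return (owner, target) of the validation CNAME record for `domain`."""
    contents = props["fileauth contents"]
    if len(contents) == 1:  # layout with all three values in one property
        contents = contents[0].split()
    sha256, ca_domain, random_hash = contents[:3]
    md5 = props["fileauth name"][0].rsplit(".", 1)[0]  # drop ".txt"
    if not re.fullmatch(r"[0-9A-Fa-f]{32}", md5):
        raise ValueError("fileauth name is not an MD5 hex digest")
    if not re.fullmatch(r"[0-9A-Fa-f]{64}", sha256):
        raise ValueError("first content line is not a SHA-256 hex digest")
    if not re.fullmatch(r"[0-9A-Za-z]{1,63}", random_hash):
        raise ValueError("random hash is not a single DNS label")
    # A DNS label holds at most 63 octets, so the 64-character digest
    # is carried as two 32-character labels.
    labels = [sha256[:32], sha256[32:], random_hash]
    owner = "_{}.{}.".format(md5.lower(), domain.rstrip("."))
    target = ".".join(labels).lower() + "." + ca_domain.rstrip(".") + "."
    return owner, target

def same_name(a, b):
    """Compare two DNS names, ignoring case and a trailing dot."""
    return a.rstrip(".").lower() == b.rstrip(".").lower()

# Constructed sample response using the mail.example.com values above.
SAMPLE_RESPONSE = """\
code = 200
property[fileauth contents][0] = 5b06bda4ffe784373d6616ab8fcbef17da4549f0623a25f37e128efb0fbf745d
property[fileauth contents][1] = comodoca.com
property[fileauth contents][2] = 1f96729172445e721043
property[fileauth name][0] = 47CBA4DFBE697765F51230E84F04D091.txt
"""

if __name__ == "__main__":
    owner, target = build_cname("mail.example.com", parse_response(SAMPLE_RESPONSE))
    print(owner, "CNAME", target)
```

same_name can be used to compare the target a resolver returns for the record with the expected target before checking the certificate status.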

Order the certificate

After ordering the certificate you can check its status by issuing the StatusCertificate command. The data for DNS Validation will be returned as well.

Command

Command=StatusCertificate
Certificate=CY2737994

Response

property[certificate][0] = CY2737994
property[fileauth contents][0] = 337c212a87093c4c04681b9c974eb848f29afaeb56f17ecb7ada84773779dca4 comodoca.com 0466b86ba55e6ba5607a
property[fileauth name][0] = 8C7A3B5360E02F8C0EE6222D56215867.txt
property[status][0] = REQUESTED
