The DNS record returned in the API response contains the date and a unique random string derived from the CSR and must be stored in a TXT - record:
- example.com IN TXT 20170727094628k5loo039okyyz1jlrde57ku091h1og39uv6enkzo1v265graqw
The DNS record must always be stored at the main domain, not at sub-domains. For SAN SSL certificates, the TXT record for DNS based validation must be stated for all respective main domain(s), but not for sub-domains.
Exemplary domains in CSR
These require 3 TXT records at main domain level
- example.com IN TXT <string>
- example.net IN TXT <string>
- example.org IN TXT <string>
The <string> is identical for these domains, it is generated of the CSR and is returned via API.