There are multiple steps in this process. This is how you add the domain example.org:

  1. Make sure that you do not have CAA records in your DNS zone that forbid Sectigo from issuing certificates for the domain. If you do, domain validation will fail too. Having no CAA records is OK, as is having CAA records mentioning "sectigo.com" as approved.
  2. Go to Settings → Domains → Delegations and press the Add button. Fill in the domain name (example.org) and the optional description. Select the type of certificates (SSL, client, CS) that should be enabled for this domain. For your main domain you would typically enable all of them, but for most additional domains you would only enable SSL certificates. If you have set up Departments and this domain should be delegated to the DRAOs of that department, expand the selection line and enable the domain for the right department and the appropriate types too.
  3. Use Add again, embrace the cargo cult, and redo exactly the same step for the domain name with "*." prepended to it (*.example.org in our example).
  4. Wait for a SUNET MRAO to approve your domain delegations. Unfortunately, this step is necessary at this time, but we have asked Sectigo to remove it. When this is done, the delegation status will be Approved and you can proceed to the next step.
  5. Switch from the Delegations to the DCV tab. Click on the right line to check it, and use the DCV button that appears to initiate DCV. Select method:
    • Email means that you select one of the five allowed addresses for the domain, and then receive and handle an email sent to that address. For our example, it would be one of "admin@example.org", "administrator@example.org", "hostmaster@example.org", "postmaster@example.org" or "webmaster@example.org".
    • CNAME means that you will be instructed to put a CNAME record with a hash value name in your DNS zone, pointing to another hash value. The system will tell you the values. Please verify using an external resolver that the CNAME record is in place and externally visible.
    • HTTP/HTTPS means that you will be instructed to put certain contents in a file with a certain name on the web server for your domain name.
  6. Follow the instructions for the method you selected. 
  7. When the validation is OK, you will see Validation Status as Validated in the DCV tab. In the Delegations tab, the domain itself should also be shown as Validated. The extra record with "*." prepended will still show as Not Validated for some time (hours to a day) and will then be updated to be Validated too.
  8. You are now ready to use this domain and its subdomains for certificate requests. You do not have to wait for the "*"-prepended domain to be shown as Validated.
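
The CAA pre-check from step 1 can be scripted before you start the delegation. The following is an added example, not part of the original instructions or of any Sectigo tooling: it evaluates CAA records following the RFC 8659 rules (tree climbing, `issuewild` taking precedence for wildcard names) for both the domain and its "*." variant. The zone data, the function names and the `SAMPLE_ZONES` dictionary are constructed for illustration; in practice you would fill the dictionary from an external resolver. CNAME handling and the critical flag are left out.

```python
# Simplified CAA evaluation after RFC 8659. No DNS lookups are made:
# SAMPLE_ZONES is constructed input mapping a name to its CAA (tag, value) pairs.
CA = "sectigo.com"  # CA identifier named in step 1

SAMPLE_ZONES = {
    "example.org": [("issue", "letsencrypt.org"), ("issue", "sectigo.com")],
    "example.net": [("issue", "letsencrypt.org")],
    "example.com": [("issue", "sectigo.com"), ("issuewild", ";")],
}


def relevant_rrset(name, zones):
    """Climb from name towards the root and return the first non-empty CAA RRset."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        rrset = zones.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []


def ca_may_issue(name, zones, ca=CA):
    """Return True if the CAA records allow `ca` to issue for `name`."""
    wildcard = name.startswith("*.")
    if wildcard:
        name = name[2:]
    rrset = relevant_rrset(name, zones)
    issue = [v for t, v in rrset if t.lower() == "issue"]
    issuewild = [v for t, v in rrset if t.lower() == "issuewild"]
    # For wildcard names issuewild, when present, replaces issue entirely.
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True  # no CAA records, or none that restrict this kind of name
    # The issuer domain is the part before any ";" parameters; ";" alone allows no CA.
    return any(v.split(";")[0].strip().lower() == ca for v in props)


if __name__ == "__main__":
    for domain in ("example.org", "example.net", "example.com"):
        for name in (domain, "*." + domain):
            verdict = "OK" if ca_may_issue(name, SAMPLE_ZONES) else "BLOCKED by CAA"
            print(f"{name:16} {verdict}")
```
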