Troubleshooting Domain Control Validation
When performing Domain Control Validation (DCV) for partial domains using Universal SSL certificates, you might experience issues with certificate issuance and renewal using HTTP DCV.
If these issues occur while using HTTP DCV, review the following settings:
Cloudflare Firewall Rules: Review your firewall rules to ensure that your rules do not:
- Block requests from the United States
- Block requests from the issuing Certificate Authority’s IP addresses
- Enable interactive challenge on the validation URL
Cloudflare Account Settings and Page Rules: Review your account settings and Page Rules to ensure you have not enabled I’m Under Attack Mode on the validation URL.
Authoritative DNS provider: Check your settings at your authoritative DNS provider to make sure that:
- DNSSEC is configured correctly.
- Your CAA records allow Cloudflare’s partner Certificate Authorities can issue certificates on your behalf.