Products
Discover
Help Center
  • GoDaddy Community
  • SSL And Security

    • SSL And Security

    cancel
    Turn on suggestions
    Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
    Showing results for 
    Show  only  | Search instead for 
    Did you mean: 
    Go to solution
    wk2
    New
    ‎03-21-2017 11:36 AM
    ‎03-21-2017 11:36 AM

    SSL Domain Verification with DNS

    Hello,

     

    I recently renewed a wildcard cert with godaddy and they need me to verify domain ownership (since it's not hosted with godaddy). Fine, no problem, I've done this lots in the past with other certificates, however this time it wants me to create an "@ TXT" DNS record with the Unique ID for verification -- The problem, our "@ TXT" DNS record is our SPF record, and I'm not removing our SPF record to validate domain ownership.

     

    In the past we have used a "DZC TXT" entry, but now we are told to create an "@ TXT" entry. Why has this changed? Do they not realize people use "@ TXT" for SPF records?

     

    I tried adding the Unique ID as a DZC record, but validation is still failing. Any ideas?

     

    Thanks.

    Product:
    1 ACCEPTED SOLUTION
    wk2
    New
    In response to JHasselbring
    ‎03-21-2017 05:04 PM
    ‎03-21-2017 05:04 PM

    No. The @ symbol references the root domain, so @ TXT is the default TXT record for the root domain. SPF records are now kept in this entry since the SPF DNS record was deprecated. Multiples of this can't exist, which is probably why they used DZC in the past.

     

    In the end I just changed the @ record to the Unique ID, waited for the system to verify the record, then changed it back to my SPF record. Really kind of annoying that they changed this.

    View solution in original post

    10 REPLIES 10
    JHasselbring
    Helper VI Helper VI
    Helper VI
    ‎03-21-2017 02:01 PM
    ‎03-21-2017 02:01 PM

    Are you not able to add another one?

    ~Jan Mykhail Hasselbring Web Administrator @ fullstackwebsolution.com
    wk2
    New
    In response to JHasselbring
    ‎03-21-2017 05:04 PM
    ‎03-21-2017 05:04 PM

    No. The @ symbol references the root domain, so @ TXT is the default TXT record for the root domain. SPF records are now kept in this entry since the SPF DNS record was deprecated. Multiples of this can't exist, which is probably why they used DZC in the past.

     

    In the end I just changed the @ record to the Unique ID, waited for the system to verify the record, then changed it back to my SPF record. Really kind of annoying that they changed this.

    View solution in original post

    silentreproach
    New
    In response to wk2
    ‎03-28-2017 05:51 AM
    ‎03-28-2017 05:51 AM

    You can make as many "@ TXT" records as you want, I do it all the time. For example, domain verification when provisioning Office 365.

     

    For TXT records, @ is used most of the time, even when multiple TXT records are present. You do not need to remove your SPF record, go ahead and create the additional TXT record!

     

    Once the domain is verified, you can remove it.

    JHasselbring
    Helper VI Helper VI
    Helper VI
    In response to silentreproach
    ‎03-28-2017 06:14 AM
    ‎03-28-2017 06:14 AM

    @silentreproach,

     

    Exactly... But you know, some people rather do things the hard way.

    ~Jan Mykhail Hasselbring Web Administrator @ fullstackwebsolution.com
    pete473
    New
    In response to JHasselbring
    ‎04-05-2017 05:33 PM
    ‎04-05-2017 05:33 PM

    The original poster did not specify exactly how s/he is maintaining DNS records; however, I stumbled across this thread since I ran into a similar issue.  We use AWS' Route 53 service to maintain our DNS records and using that service you cannot create as many "@ TXT" records as you'd like - at least not in a way that is obvious to novices like myself.  At least for me, I did not have to delete the SPF info from my existing "@ TXT" record but rather was able to add the "Unique ID" on a separate line in the value field for the existing "@ TXT" record in the Route 53 console interface.  In the console view this ends up looking like a single "@ TXT" record with multiple values which is perhaps the same thing as other posters have referenced as multiple "@ TXT" records?   In any case, this allowed the GoDaddy domain verification to succeed.

    mbsdfjghsdfs455
    New
    In response to pete473
    ‎05-27-2017 10:48 AM
    ‎05-27-2017 10:48 AM

    Thanks for this: saved me having to think for myself. 😉

    0 Kudos
    Steelbros13
    New
    In response to pete473
    ‎12-12-2018 10:04 AM
    ‎12-12-2018 10:04 AM

    You just saved me so much time

    bdhtechnology
    New
    ‎11-04-2017 07:02 AM
    ‎11-04-2017 07:02 AM

    Hello-

    I am having issues verifying a wildcard certificate via DNS.  I have added the appropriate TXT record but it is still not working.  I tried just @domain.com and dzc.domain.com  Is there something different that needs to be done with wildcard certificates?

    0 Kudos
    vikchaudhary
    New
    In response to bdhtechnology
    ‎02-11-2018 09:16 PM
    ‎02-11-2018 09:16 PM

    Not all DNS Managers allow entering a name "@" for a TXT record. Ex. Linode's DNS Manager does not allow you to add "@" for TXT records, and you have to leave the name field blank. You might want to try that -- I did and it works.

    Dossier, an app to organize customer conversations
    https://www.dossier.work
    vidahealthcare
    New
    In response to vikchaudhary
    ‎06-04-2018 04:24 AM
    ‎06-04-2018 04:24 AM

    Hi,

     

    I am unable to use "@" or leave it blank - do you know what I should use for the name (host) field instead? The domain name doesn't seem to be working. 

     

    Thanks

    Vic

     

     

    0 Kudos

    You may also like...