DNS CNAME Creation/Validation Fails

  • I have been beating my head against the wall trying to get the certificate validation working where GoDaddy is the DNS host. The AWS plugin instructs the user to create a DNS CNAME record where the Name is something like;

    _683f10ed6283cd12a123456fd5874d4.www.myexample.com

    When I used the full Name string as supplied by the plugin in the CNAME record it would never validate.

    What I found is that GoDaddy automatically appends the root domain to the CNAME record’s name. I was able to confirm that this was the issue by using a tool like the mxtoolbox.com SuperTool by doing a CNAME lookup on (note that the root domain is now entered twice);

    _683f10ed6283cd12a123456fd5874d4.www.myexample.com.myexample.com

    and this CNAME record is found.

    To fix this problem, when creating the CNAME record in GoDaddy you don’t include the root domain in the Name string supplied by the plugin so I actually needed to enter;

    _683f10ed6283cd12a123456fd5874d4.www

    Since I was working with a remote net-admin to make the DNS change I don’t know if the GoDaddy page had instructions to omit the domain name portion but I imagine a lot of web developers rely on others to make DNS updates so it’s easy to see where the disconnect can happen.

    I have no idea if this is only a GoDaddy issue or if other DNS hosts do the same thing but I’m posting this problem/solution so maybe other users don’t have to go through what I went through.

    Maybe the plugin could be made more robust by checking for a CNAME record with either the Name provided or with the domain appended to the Name provide.

Viewing 2 replies - 1 through 2 (of 2 total)

  • You can remove the domain name at the end of the name, which will fix this issue for GoDaddy. I am on IONOS and ran into the same issue, but I’m still getting the time-out error message after removing the domain name and saving the CNAME record. I’m really frustrated! Do you have any suggestions for another problem that could cause the time-out? I’m going to keep looking.

    Thread Starter hollidayjay

    (@hollidayjay)

    Hi ddapson, I also noticed that the certificate in the CNAME record “value” expired in under 12 hours rather than the 72 hours documented so once I fixed the CNAME record the verify still failed for me too. To fix that, I hit the button to start over and generated new CNAME record values, then I updated DNS again and the validation ran OK. There is a catch-22 in this because if the certificate goes away in under 12 hours but the CNAME record change can take up to 24 hours to propagate you may never be able to successfully validate. As much as I dislike GoDaddy, the DNS record change was available within an hour for me.

    It’s also worth mentioning that when I regenerated the CNAME record, the value may not have changed but I didn’t keep the old value to compare so I’m going by memory and could be wrong. If that’s the case hitting the button to start over may have just recreated the certificate for another 12 hours in which case the catch-22 doesn’t exist and the existing CNAME change would still be OK and you could validate immediately after hitting the button to start over. I hope that helps, it was very frustrating trying to get that working.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘DNS CNAME Creation/Validation Fails’ is closed to new replies.