Certificate for partial cname setup/validation


#1

Hi,

as there seem to be a change in how certificates are verified and documentation seem to fall behind I have some questions/issues.
Previously all certificates could be verified using CNAME records. This had the benefits that you could prepare a new site completely and test it by changing your hosts file to point to CF.

It the recent months (I haven’t seen any mention of this anywhere, nor any documentation) CNAME validation cannot be used. Validation is now only done over HTTP. This means that you cannot issue any certificates in advance, also, you need to run your site over HTTP for the verification to work.

Does anyone now any workarounds for this? I’m finding it hard to persuade to move an existing HTTPS (non -CF) site over to CF and use HTTP while issuing the certificate.

When purchasing a dedicated certificate for $5/month, this certificate CAN be verified using CNAMEs.
What happens if I cancel that subscription? Do I once again need to allow HTTP to get the free certificate?
Or could this be a workaround for the above?

The status is still showing as “pending_validation” eventhough my dedicated certificate is working.
Maybe the free certificate will be issued over HTTPS since HTTP redirects to HTTPS?

"certificate_status": "pending_validation",
"cert_pack_uuid": "121212",
"validation_method": "http",
"validation_type": "dv",
"verification_info": {
	"http_url": "http://www.test.com/.well-known/pki-validation/121212.txt",
	"http_body": "121212"
}

/Per


#2

This topic was automatically closed after 14 days. New replies are no longer allowed.