Domain Control Validation for SSL Cert

I’ve got a new SSL cert from my SSL Cert Provider and I need to enter a CNAME entry with the SHA-256 hash and the MD5 HASH as a CNAME to verify domain control. Cloudflare keeps throwing errors.

From my cert provider:
The format of the CNAME will be: ‘_’ .Authorization Domain Name CNAME .[.]comodoca.com

Examples:
CNAME _678C66DGDFGFB44EC7EBA1EA56.example.com

CNAME AA833AD0A1032CCD8D9766264BA4F351D294D52FF4986208D51E91A658D008FD.comodoca.com

The CNAME (first part) shouldn’t have the .example.com when you enter it into DNS here.
The second part gets entered in its entirety for the Value.

Thanks, the first one worked but the second one throws this error! I put the value in both fields just to see what would happen and got the same error.

It’s supposed to be only one entry. My rectangle goes in the first box. My oval goes in the second box.

same result

Is there a space at the end? Are there any other odd characters in the value?

By the way, you should click the :orange: to make that subdomain :grey:.

no spaces, nothing weird, idk…

Interesting…apparently that hostname is too long. Better check with Comodo what the deal is.


Seems one character too many. IIRC 63 is the maximum, this string is 64 characters.

Could the A at the beginning have been doubled?


What I posted here are not my real values! I have the correct values from Comodo in my fields. I guess these values are of no use to anyone, so here are the real values:

MD5: 516C666F2FDA9825C6B44EC7EBA1EA56
SHA-256: AA833AD0A1032CCD8D9766264BA4F351D294D52FF4986208D51E91A658D008FD.comodoca.com

I get the same error on my mac:
DWM-13-MacBook-Pro:OpenSSL david.mundt$ host AA833AD0A1032CCD8D9766264BA4F351D294D52FF4986208D51E91A658D008FD.comodoca.com

host: ‘AA833AD0A1032CCD8D9766264BA4F351D294D52FF4986208D51E91A658D008FD.comodoca.com’ is not a legal name (label too long)

DWM-13-MacBook-Pro:OpenSSL david.mundt$

That value is the same as the one you posted initially.

Also, MD5, SHA256?

That seems to be what Sectigo’s documentation calls them (and what they are):

https://support.sectigo.com/articles/Knowledge/Alternative-Methods-of-Domain-Control-Validation-DCV-Summary

From a user’s perspective, for most purposes, they might as well be opaque random numbers…

Edit: It looks like Sectigo lets you put a . in the middle of the SHA-256 hash, so it’s two legal 32-byte labels instead of one illegal 64-byte label.
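The length limit discussed in the replies above, as an added example that is not part of the original thread: a Python check of a CNAME value against the DNS 63-octet label limit, plus the split into two 32-character labels that the reply above describes. The function names are hypothetical; the hash is the value posted in the thread.

```python
import re
import string

MAX_LABEL = 63   # RFC 1035: a single label is at most 63 octets
MAX_NAME = 253   # longest hostname in dotted text form
# Underscore is allowed here because DCV record names start with "_".
ALLOWED = re.compile(r"[A-Za-z0-9_-]+")

def check_dns_name(name):
    """Return a list of problems with a hostname; an empty list means none found."""
    problems = []
    text = name[:-1] if name.endswith(".") else name  # trailing root dot is legal
    if len(text) > MAX_NAME:
        problems.append(f"name too long ({len(text)} > {MAX_NAME})")
    for label in text.split("."):
        if label == "":
            problems.append("empty label")
            continue
        if len(label) > MAX_LABEL:
            problems.append(f"label too long ({len(label)} > {MAX_LABEL})")
        if not ALLOWED.fullmatch(label):
            # Catches pasted spaces and other stray characters.
            problems.append(f"unexpected character in label {label!r}")
    return problems

def split_sha256_label(hex_hash):
    """Split a 64-character hex digest into two 32-character labels."""
    if len(hex_hash) != 64 or any(c not in string.hexdigits for c in hex_hash):
        raise ValueError("expected 64 hex characters")
    return hex_hash[:32] + "." + hex_hash[32:]

# The SHA-256 value as posted in the thread.
POSTED = "AA833AD0A1032CCD8D9766264BA4F351D294D52FF4986208D51E91A658D008FD"

if __name__ == "__main__":
    single = POSTED + ".comodoca.com"
    print(single, "->", check_dns_name(single))
    fixed = split_sha256_label(POSTED) + ".comodoca.com"
    print(fixed, "->", check_dns_name(fixed) or "ok")
```
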

I got it sorted through guidance from Comodo/Sectigo… Somehow the SHA256 hash I had was incorrect. Thanks for your help. The end result was all on one line.

