What is the difference between hostname and certificate validation?

For custom hostname traffic to be successfully proxied through Cloudflare, two things are required:

  • hostname validation
  • certificate validation

You can read about this here → Configuring Cloudflare for SaaS · Cloudflare for Platforms docs

I understand that hostname validation is for Cloudflare to verify that the domain is indeed owned by the customer; to validate this, I provide the customer with a TXT record to add to their DNS. The second item, certificate validation, also uses another TXT record to again verify the domain is owned by our customer. This validation is for a CA to issue the SSL cert.
My question is: why does Cloudflare bother with their own hostname validation when cert validation is already required for the CA? What’s happening differently behind the scenes such that one can’t imply the other?

