Docs
ussl
FAQ
Trustasia Free/DV Certificate Verification FAQs

Trustasia Free/DV Certificate Verification Common Questions

After purchasing the Trustasia Free/DV certificate, you need to verify the ownership of the domain name. Verification methods: DNS verification (recommended method), file verification; once the certificate is issued, the added DNS record can be deleted.

DNS verification: Add DNS resolution in the domain management platform

File verification: Add content in a fixed directory on the server, refer to: https://docs.ucloud.cn/ussl/operate/fill**

1. Clicking on the “Verify” button on the Trustasia Free/DV certificate console results in an error/mismatch

Answer: The “Verify” button on the console is only a tool to assist customers in verification and is not the final basis for certificate issuance. Whether the DNS resolution configuration of the customer is correct can be confirmed by manual resolution.

2. How to manually resolve and check if the DNS resolution configuration is correct?

Answer: you can verify it with a shell command on the local client, nslookup -q=CNAME record value.primary domain. For example:

The command for TXT type resolution is: nslookup -q=TXT host record.primary domain

3. DNS resolution has been successfully configured, but the manual command does not resolve to the corresponding value

Answer: 1. Compare whether the prompt information on the console and the values added on the domain resolution platform correspond one to one. Special note: It is often found that the domain name purchased by the customer does not correspond to the domain name for which the resolution has been added

Error example: The domain name for the purchased certificate is: www.demon.com, the domain name for the added resolution: www.demon.cn

2. Contact the domain name resolution platform to confirm whether the added resolution has taken effect

4. I manually resolved to the console corresponding value. why isn’t the certificate always issued?

Answer: Trustasia Free/DV certificate issuance time: the fastest 20 minutes after successful resolution addition and backend server verification, generally no more than 24 hours;

DV certificates are automatically issued by the system. In some cases, they are not issued. If it is more than 24 hours, it is recommended to purchase OV/EV certificates.

Special Note: Not all certificates can issue DV types, the domain name will be security reviewed, and if an automatic detection finds anomalies, the CA will not allow issuing; Currently, it is not possible to apply for a G5 series certificate, you need to apply for other types of certificates**

5. The customer uses file verification, but the check reports an error, can let the customer purchase again and choose DNS verification

File verification involves the configuration of the server itself, it is recommended to prioritise using DNS verification, that is, re-order and choose DNS verification.

6. Other validation methods for Trustasia Free/DV Certificates - Trustasia Verification Tool

Check address: https://myssl.com/dns_check.html#ssl_verify

Example: If one of three different domain servers has a matching verification, it means that the resolution has been added correctly.

If the validation does not match, solution:

(1), Whether the DNS/file resolution value has been added according to the information prompted on the console

(2), Check whether the added resolution value is consistent with the console information

(3), If all of the above are correct, you can manually resolve and check the situation in the local shell. Getting the corresponding value means that the resolution is normal, just wait.

7. When Trustasia’s tool resolves checks, there is only one or two matching items

When there is only one or two matching items during the check, it means that the verification is normal, and the customer only needs to wait. Normally, the certificate will be issued within 24 hours; if it is not issued after 24 hours, please directly purchase an OV/EV type certificate.

8. TXT verification value and cname conflict during re-issuance verification

If the txt record in DNS verification conflicts with the cname record, resulting in unsuccessful verification, you can avoid conflicts by adding a level _dnsauth. in front of the original host record (the default displayed value has prompted to add)

Refer to the host record value https://docs.ucloud.cn/ussl/faq/free

IIS Server Certificate DeploymentRenewal Certificate Application Process and Deployment