Introduction
Chinafy leverages Let's Encrypt to securely manage SSL certificates as a default option for Chinafy sites. As part of Let’s Encrypt's SSL Certificate Requirement, Chinafy users need to validate control over the subscribed domain names.
The validation process involves SSL certificate users putting a specific value in a CNAME record under that domain name, before Let’s Encrypt querying the DNS system for that record. If it finds a match, you can proceed to issue a certificate.
Straightforward as it is, failure to validate the CNAME record can still happen (important: it's resolvable!). Below are some common causes:
Common Cause #1: Your CNAME record hasn't propagated fully
Let’s Encrypt may not be able to find a match to their token has the CNAME record hasn't propagated. Check if your CNAME record has propagated before initiating the pre-authentication via Chinafy.
Enter the Hostname of your CNAME record under DNSChecker
Common Cause #2: You've entered the wrong Hostname
Make sure your Hostname for the CNAME record is matched to your (sub)domain name as defined by the ACME standard.
For example, if you're subscribed to Chinafy under help.yoursite.com
, be sure to enter Hostname as _acme-challenge.help.yoursite.com
.
Similarly, if the subscribed domain is www.yoursite.com
, the corresponding Hostname should be _acme-challenge.www.yoursite.com
.
Need additional help? Please contact support@chinafy.com.
Return to your Go Live guide to proceed with the Chinafy Go-Live process.
Comments
0 comments
Please sign in to leave a comment.