Cloudflare Docs
Ssl
SSL
Visit SSL on GitHub
Set theme to dark (⇧+D)

Changes to HTTP DCV

After October 21, 2021, you will also no longer be able to issue new wildcard certificates or validate existing certificates up for renewal using HTTP Domain Control Validation (DCV).

What is affected?

If you are affected by this change, you should have also received an email from Cloudflare.

Advanced certificates

This change affects customers using Advanced certificates for wildcard certificates or certificates with multiple SANs.

If your application uses a full setup or already uses another method of DCV, you do not need to make any changes. Cloudflare will complete TXT DCV on your behalf

If your application uses a partial (CNAME) setup and also uses HTTP DCV validation, you will need to change your DCV method to either TXT or Email.

SSL for SaaS

This change also affects SSL for SaaS customers who use HTTP DCV validation for wildcard certificates.

Update your DCV method to TXT and provide the TXT validation tokens to your customers so they can add it to their DNS.

If you do not make a change, Cloudflare will automatically change your DCV method to TXT and send your customer tokens to you 30 days before the certificates expire.

Why is this change happening?

The Certificate Authority/Browser forum voted against using HTTP-based validation to prove ownership before issuing wildcard certificates. As a result of that decision, Digicert and other CAs will be implementing the change on November 15th.