Email based validation will send an approval email to the contacts listed for a given domain in WHOIS, along with the following addresses: admin@, administrator@, hostmaster@, postmaster@, and webmaster@.
Based on your chosen Certificate Authority, you may not be able to use email verification with advanced certificates.
If you want to use a Universal SSL certificate, you will need to edit the validation_method via the API and specify your chosen validation method.
Alternatively, you could order an advanced certificate via the dashboard or the API.
Once you specify your chosen validation method, you can access the validation values by:
- Going to SSL/TLS > Edge Certificates in the dashboard and selecting a certificate.
- Getting certificate details by making a
GETrequest withstatus=pending_validationin the request parameter and finding thevalidation_methodandvalidation_records.
Once you locate your certificate, find the following values:
- API:
emails - Dashboard: Certificate validation email recipients.
The addresses listed in this field will receive an email from support@certvalidate.cloudflare.com. They should either select Review Certificate Request or the https://certvalidate.cloudflare.com hyperlink.
As soon as the domain owner has followed the link in this email and selected Approve on the validation page, the certificate will move through the various statuses until it becomes Active.
Even if you manually handle DCV when issuing certificates in a partial DNS setup, at certificate renewal, Cloudflare will attempt to automatically perform DCV via HTTP.
If all of the following conditions are confirmed at the first attempt, the renewal happens automatically via HTTP.
- Hostnames are proxied.
- Hostnames on the certificate resolve to the IPs assigned to the zone.
- The certificate does not contain wildcards.
If any one of the conditions is not met, the certificate renewal falls back to your chosen method and you will need to repeat the DCV process manually.