DigiCert has announced an important change in how Domain Control Validation (DCV) via DNS CNAME records must be configured.
Starting October 28, 2025, only the static prefix "_dnsauth" CNAME configuration will be supported.
The current [random_value] prefix CNAME configuration will no longer work after this date. If domains are not validated correctly, DigiCert will not issue certificates.
New Required Configuration (effective October 28, 2025)
* Hostname field: _dnsauth
* Target host field: [random_value].dcv.digicert.com
Deprecated Configuration (no longer valid after October 28, 2025)
* Hostname field: [random_value]
* Target host field: dcv.digicert.com
What this means for you
Resellers using our API responses:
You do not need to take action. Our API responses will be updated as of October 1, 2025, to provide the new "_dnsauth" format automatically.
Resellers who generate DNS records manually:
You must update your process to use the new "_dnsauth" configuration before October 28, 2025. After this date, DigiCert will reject validations using the old format.
Why this change?
DigiCert is consolidating and simplifying its DCV methods as part of moving to its Open-Source Domain Control Validation code. This provides greater transparency, improved performance, and eliminates variations that can cause issues.
We will continue to monitor developments closely and ensure smooth implementation across our platform.
For more details, please contact our support team at support@realtimeregister.com.