I recently renewed a wildcard cert with GoDaddy and they need me to verify domain ownership (since it's not hosted with GoDaddy). Fine, no problem, I've done this lots in the past with other certificates; however, this time it wants me to create an "@ TXT" DNS record with the Unique ID for verification -- the problem is, our "@ TXT" DNS record is our SPF record, and I'm not removing our SPF record to validate domain ownership.
In the past we have used a "DZC TXT" entry, but now we are told to create an "@ TXT" entry. Why has this changed? Do they not realize people use "@ TXT" for SPF records?
I tried adding the Unique ID as a DZC record, but validation is still failing. Any ideas?
Are you not able to add another one?
No. The @ symbol references the root domain, so @ TXT is the default TXT record for the root domain. SPF records are now kept in this entry since the SPF DNS record was deprecated. Multiples of this can't exist, which is probably why they used DZC in the past.
In the end I just changed the @ record to the Unique ID, waited for the system to verify the record, then changed it back to my SPF record. Really kind of annoying that they changed this.
You can make as many "@ TXT" records as you want; I do it all the time. For example, domain verification when provisioning Office 365.
For TXT records, @ is used most of the time, even when multiple TXT records are present. You do not need to remove your SPF record; go ahead and create the additional TXT record!
Once the domain is verified, you can remove it.
Exactly... But you know, some people would rather do things the hard way.
The original poster did not specify exactly how s/he is maintaining DNS records; however, I stumbled across this thread since I ran into a similar issue. We use AWS' Route 53 service to maintain our DNS records and using that service you cannot create as many "@ TXT" records as you'd like - at least not in a way that is obvious to novices like myself. At least for me, I did not have to delete the SPF info from my existing "@ TXT" record but rather was able to add the "Unique ID" on a separate line in the value field for the existing "@ TXT" record in the Route 53 console interface. In the console view this ends up looking like a single "@ TXT" record with multiple values which is perhaps the same thing as other posters have referenced as multiple "@ TXT" records? In any case, this allowed the GoDaddy domain verification to succeed.
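The Route 53 approach described in the post above (one apex TXT record set carrying several values) is easy to get wrong from the CLI or API, because an UPSERT replaces the whole record set: if you send only the verification token, the SPF value disappears. The following Python is an added example, not code from this thread or from GoDaddy or AWS; it builds a change batch that keeps the existing SPF value, appends the token, and refuses to publish two `v=spf1` strings. The domain `example.com`, the TTL, and the token string are placeholders.

```python
import json

SPF_PREFIX = "v=spf1"


def merge_apex_txt(existing_values, new_value):
    """Return the complete list of TXT values the apex record set should
    carry after adding new_value.

    The full list matters: a Route 53 UPSERT replaces the record set, so
    submitting only the new token would delete the SPF value that was
    already there. Duplicates are dropped, and a second v=spf1 string is
    rejected because RFC 7208 treats multiple SPF records as a permerror.
    """
    values = list(existing_values)
    if new_value not in values:
        values.append(new_value)
    spf_count = sum(1 for v in values if v.lower().startswith(SPF_PREFIX))
    if spf_count > 1:
        raise ValueError("record set would publish more than one v=spf1 string")
    return values


def quote_txt(value):
    """Quote a TXT string the way Route 53 expects in a ResourceRecord Value.

    TXT data is stored as 255-octet character-strings, so longer values are
    split into several quoted strings; backslashes and double quotes inside
    a value are escaped.
    """
    parts = [value[i:i + 255] for i in range(0, len(value), 255)] or [""]
    escaped = [p.replace("\\", "\\\\").replace('"', '\\"') for p in parts]
    return " ".join('"' + p + '"' for p in escaped)


def route53_txt_upsert(zone_apex, values, ttl=300):
    """Build the change batch for `aws route53 change-resource-record-sets`."""
    name = zone_apex if zone_apex.endswith(".") else zone_apex + "."
    return {
        "Comment": "add certificate verification token next to SPF at the apex",
        "Changes": [
            {
                "Action": "UPSERT",
                "ResourceRecordSet": {
                    "Name": name,
                    "Type": "TXT",
                    "TTL": ttl,
                    "ResourceRecords": [{"Value": quote_txt(v)} for v in values],
                },
            }
        ],
    }


if __name__ == "__main__":
    # Constructed sample input: the SPF value already published at the apex
    # and a placeholder token (use the Unique ID the CA actually gives you).
    existing = ["v=spf1 include:spf.protection.outlook.com -all"]
    token = "verification-token-placeholder"
    batch = route53_txt_upsert("example.com", merge_apex_txt(existing, token))
    print(json.dumps(batch, indent=2))
```

Write the printed JSON to a file and apply it with `aws route53 change-resource-record-sets --hosted-zone-id <your zone id> --change-batch file://batch.json`; `dig +short TXT example.com` should then return both the SPF string and the token. Once the certificate is issued, run the same UPSERT with the token removed from the list rather than deleting the record set.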
I am having issues verifying a wildcard certificate via DNS. I have added the appropriate TXT record but it is still not working. I tried just @domain.com and dzc.domain.com. Is there something different that needs to be done with wildcard certificates?
Not all DNS managers allow entering a name of "@" for a TXT record. For example, Linode's DNS Manager does not allow you to add "@" for TXT records, and you have to leave the name field blank. You might want to try that -- I did and it works.
I am unable to use "@" or leave it blank - do you know what I should use for the name (host) field instead? The domain name doesn't seem to be working.