0

I have renewed the company website's SSL certificate but need to verify ownership of the domain by adding a CNAME to the DNS. I've not got much experience installing SSL certificates and I'm struggling to get it to work.

We use AWS Route 53 DNS and the record that I need to add is shown like this:

randomlettersandnumbers.www.example.com. 10800 IN CNAME randomlettersandnumbers.comodoca.com.

I find this a little confusing, but I'm pretty sure the example.com should be the name for the record and the comodoca.com for the value. However, the TTL is set to only 300 and it has yet to be detected by the SSL site. Maybe I should set it to 10800, but I'm not sure it matters too much?

Any ideas what may be going wrong? I've never used AWS's DNS before, so maybe it works differently to others?

Edward144
  • Post the question or the record? I've had the record set for about 30 minutes, although I have edited it recently to check I entered it correctly – Edward144 Jun 16 '17 at 15:08
  • Okay, that's come back with "warning SOA field check - one or more SOA fields are outside recommended ranges" – Edward144 Jun 16 '17 at 15:22

2 Answers

0

It doesn't matter if you have 10800, more or less. TTL (Time To Live) is the speed (in seconds) you want to refresh your DNS. 10800 = 3 hours, 300 = 5 minutes. After the time has passed, your SSL record will be able to verify ownership of the domain.

0

If I understand correctly from the following page, you have to create 2 CNAME records: one for the www subdomain and one for your domain.

https://support.comodo.com/index.php?/comodo/Knowledgebase/Article/View/791/0/

Also, the "random" strings you mention are hashes of your CSR, and they are different for the record part and the value part of the CNAME.
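
An added example, not part of the question or either answer: it splits the validation line from the question into name, TTL and value, checks that the name sits inside the hosted zone, and builds the change batch that Route 53's change-resource-record-sets call accepts. The zone `example.com`, the placeholder hash strings and the helper names are assumptions made for illustration.

```python
import json

# Constructed sample: the validation record as the CA displays it (placeholder hashes).
CA_LINE = "randomlettersandnumbers.www.example.com. 10800 IN CNAME randomlettersandnumbers.comodoca.com."


def parse_record(line):
    """Split a zone-file style line into owner name, TTL, type and target."""
    fields = line.split()
    if len(fields) != 5 or fields[2].upper() != "IN":
        raise ValueError("expected: <name> <ttl> IN <type> <value>")
    name, ttl, _, rtype, value = fields
    return {"name": name.lower(), "ttl": int(ttl), "type": rtype.upper(), "value": value.lower()}


def relative_label(fqdn, zone):
    """Part of fqdn left of the zone apex, for DNS forms that append the zone name themselves."""
    fqdn, zone = fqdn.rstrip(".").lower(), zone.rstrip(".").lower()
    if fqdn == zone:
        return ""
    if not fqdn.endswith("." + zone):
        raise ValueError(f"{fqdn} is not inside zone {zone}")
    label = fqdn[: -len(zone) - 1]
    if label == zone or label.endswith("." + zone):
        raise ValueError("zone name appears twice; the suffix was probably appended twice")
    return label


def change_batch(rec, zone):
    """Build a Route 53 ChangeBatch dict for the parsed record."""
    relative_label(rec["name"], zone)  # raises if the name is outside the zone or doubled
    return {
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": rec["name"],
                "Type": rec["type"],
                "TTL": rec["ttl"],
                "ResourceRecords": [{"Value": rec["value"]}],
            },
        }]
    }


if __name__ == "__main__":
    rec = parse_record(CA_LINE)
    print("label relative to zone:", relative_label(rec["name"], "example.com"))
    print(json.dumps(change_batch(rec, "example.com"), indent=2))
```

The doubled-suffix check catches a record saved as `randomlettersandnumbers.www.example.com.example.com`, which is what results when a full name is typed into a field that already appends the zone.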