Reasons and solutions for SSL certificate application failure



1. Verification file configuration error

1.1 The site has enabled HTTPS access

Possible causes:

The verification file is deployed only under the HTTP service path and not under the HTTPS service path, so when the CA requests it over the HTTPS protocol the file cannot be found.

Treatment method (choose one):

a) Place the verification file in the HTTPS service path as well and make sure it is accessible over the HTTPS protocol.

b) Disable the HTTPS service of the site.

1.2 When accessing the verification file, the site returns an error code

Possible causes:

When the CA tries to fetch the verification file, the site returns an error page instead of the file, such as a 50X internal server error page, a 40X error page, or a 30X redirect.

Treatment method:

Ensure that the URL specified by the CA returns the correct verification file content directly. The file must not be reached through a redirect or any other indirection. To check for a redirect, open the URL in a browser and confirm that the address in the address bar does not change.

1.3 The site has enabled CDN service

Possible causes:

The overseas CDN service nodes have not yet synchronized the file. The CA verification servers have no domestic mirror, so they reach your site through the overseas CDN nodes; if those nodes have not completed synchronization, the verification file cannot be found.

Treatment method:

Synchronize the verification file to the overseas CDN service nodes, or temporarily disable the overseas CDN acceleration service. If you cannot operate the CDN node servers, it is recommended that you switch the verification method to DNS verification.

1.4 Verification file timestamp expired

Possible causes:

A verification file used for file verification is valid for 7 days. If the timestamp contained in the verification file is older than 7 days, verification fails.

Treatment method:

Check the verification file URL with curl -k -v <verification file URL> or wget -S <verification file URL> and confirm that the file content is returned directly, with no redirect and with a current timestamp.

Test the verification file URL over both the HTTPS and HTTP protocols.
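As an added example (not part of the original SSLREPO article), the following Python script automates the checks from sections 1.1 to 1.4: it fetches the verification path over both HTTP and HTTPS without following redirects, classifies the response by status code and content, and flags a token older than 7 days. The host, path, expected token and token age are assumed inputs supplied by the operator.

```python
import http.client
import ssl
import urllib.parse

MAX_AGE_DAYS = 7  # file-validation tokens expire after 7 days (section 1.4)

def fetch(url, timeout=10):
    """GET without following redirects (TLS checks off, like curl -k); returns (status, headers, body)."""
    u = urllib.parse.urlsplit(url)
    path = (u.path or "/") + ("?" + u.query if u.query else "")
    if u.scheme == "https":
        ctx = ssl.create_default_context()
        ctx.check_hostname = False  # the site may not hold a trusted certificate yet
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(u.hostname, u.port or 443, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(u.hostname, u.port or 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "validation-precheck"})
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return resp.status, headers, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()

def diagnose(status, headers, body, expected, token_age_days):
    """Map one response to the causes in section 1; an empty list means it should pass."""
    problems = []
    if 300 <= status < 400:
        problems.append(f"{status} redirect to {headers.get('location')}: CA must read the file directly (1.2)")
    elif 400 <= status < 500:
        problems.append(f"{status} client error: file missing or blocked at this path (1.2)")
    elif status != 200:
        problems.append(f"{status} server error or unexpected status while serving the file (1.2)")
    elif expected not in body:
        problems.append("200 but body lacks the expected token: wrong file or stale CDN copy (1.2/1.3)")
    if token_age_days > MAX_AGE_DAYS:
        problems.append("token issued more than 7 days ago; request a fresh one from the CA (1.4)")
    return problems

def precheck(host, path, expected, token_age_days):
    """Fetch the validation path over HTTP and HTTPS (section 1.1) and diagnose each response."""
    report = {}
    for scheme in ("http", "https"):
        try:
            report[scheme] = diagnose(*fetch(f"{scheme}://{host}{path}"), expected, token_age_days)
        except (OSError, http.client.HTTPException) as exc:
            report[scheme] = [f"request failed: {exc}"]
    return report
```

Call precheck("example.com", "/<path given by the CA>", "<token given by the CA>", 1) with your own values; a report where both schemes map to an empty list means all four checks pass.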

2. DNS configuration error or record mismatch

2.1. Record value configuration error

Possible causes:

A DNS resolution record consists of a host record and its corresponding record value. If the host record is configured correctly but the record value is wrong, verification fails.

Treatment method:

Configure the correct DNS host record and record value.

2.2. The DNS resolution configuration is not completed when using dnspod or certain other domain name resolution service providers

Possible causes:

When dnspod is the domain name resolution service provider, the CA's verification result can be inaccurate because the response dnspod returns for a query on a non-existent host record differs from the response the CA expects.

Treatment method:

Ignore the related errors and finish configuring the DNS resolution record as soon as possible so that domain name verification can complete.

2.3. The domain name has enabled dynamic resolution service

Possible causes:

A dynamic domain name resolution service is enabled for the domain name, and the corresponding CNAME record value has not been synchronized to the overseas authoritative DNS servers in time.

Treatment method:

Make sure that the dynamic resolution service is working and that overseas resolvers can resolve your newly added CNAME record. Complete the synchronization of the domain name resolution record values as soon as possible.

CNAME record value verification method

Windows: use the nslookup command to query the status of your domain name resolution. Open the Start menu, click "Run", enter "cmd", and run the following command in the command line window: nslookup -qt=cname "your domain name verification string". Check the output for your domain name verification string to confirm that the DNS resolution record has been configured correctly.

Linux: the dig command is recommended, for example dig CNAME "your domain name verification string".

If the above commands are inconvenient, you can use an online DNS lookup tool to check the record instead; remember to select the CNAME record type.
