ドメイン制御検証 (DCV)
Before a certificate authority (CA) will issue a certificate for a domain, the requester must prove they have control over that domain. This process is known as domain control validation (DCV).
カスタム証明書の場合、CAから証明書をリクエストする際に、DCVは常にあなたが処理します。
Cloudflareを通じて発行された証明書の場合、このプロセスは自動的に行われることもあれば、次のセクションで説明するように、あなたがアクションを取る必要がある場合もあります。
あなたのドメインがフルセットアップにある場合 — つまり、Cloudflareがあなたの権威あるネームサーバーを運営している場合 — CloudflareはTXTレコードを使用して自動的にDCVを処理します。詳細については、ユニバーサルSSLを有効にするを参照してください。
あなたのアプリケーションが部分DNS設定にある場合 — つまり、Cloudflareがあなたの権威あるネームサーバーを運営していない場合 — DCVを完了するために追加のステップを実行する必要があるかもしれません。
If every hostname on a non-wildcard certificate is proxying traffic through Cloudflare, Cloudflare can automatically complete DCV on your behalf.
This applies to customers using Universal or Advanced certificates.
If one of the hostnames on the certificate is not proxying traffic through Cloudflare, certificate issuance and renewal will vary based on the type of certificate you are using:
- Universal: Perform DCV using one of the available methods.
- Advanced: In most cases, you can opt for Delegated DCV, which greatly simplifies certificate management.
For wildcard hostname certificates, certificate issuance and renewal varies based on the type of certificate you are using:
- Universal: Perform DCV using one of the available methods.
- Advanced: In most cases, you can opt for Delegated DCV, which greatly simplifies certificate management.
If you cannot use Delegated DCV, you need to use TXT based DCV for certificate issuance and renewal. This means you will need to place one TXT DCV token for every hostname on the certificate. If one or more of the hostnames on the certificate fails to validate, the certificate will not be issued or renewed.
This means that a wildcard certificate covering example.com and *.example.com will require two DCV tokens to be placed at the authoritative DNS provider. Similarly, a certificate with five hostnames in the SAN (including a wildcard) will require five DCV tokens to be placed at the authoritative DNS provider.