Domain Ownership Verification with A and AAAA records

I’m curious how domain verification works using A and AAAA records. In my case, I pointed the A and AAAA records for my apex domain at my app’s IP addresses and generated a new cert. I was expecting to need a CNAME record to complete domain ownership validation, but it completed automatically without it. Looking at my cert on my dashboard, it explains:

If the domain is directing traffic to your application with a CNAME record or both A and AAAA records, we will verify it automatically.

So can anyone help me understand how this process works using just A and AAAA records?

As far as I know, it works like this:

When you claim that a domain name is yours, you have the authority to change its records, right?

Now you have the domain and you added A and AAAA records, which means your domain points to the IP addresses present in the A or AAAA records.

Now what the verifier does is this:

They try to access the cert using the domain, which, if you have the authority to change records, will point to whatever server you like, either by CNAME or A or AAAA. Now that I have access to the cert, I verify whether it’s yours. If it is yours, it’s verified that you have the domain; otherwise verification fails.

I guess that’s it.
Correct me if I am wrong. Always willing to learn.

1 Like

We use ALPN verification for Let's Encrypt certificates: Challenge Types - Let's Encrypt

2 Likes
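
The checks behind the ALPN verification mentioned in the reply above (TLS-ALPN-01, RFC 8737), as an added example that is not code from this thread, the platform, or Let's Encrypt. The validator resolves the domain's A/AAAA records, connects to that address on port 443, and inspects the certificate it is offered; the `observed` dictionary, the function names, and all sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

ACME_TLS_ALPN = "acme-tls/1"            # ALPN protocol ID (RFC 8737)
ACME_ID_OID = "1.3.6.1.5.5.7.1.31"      # id-pe-acmeIdentifier extension (RFC 8737)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def jwk_thumbprint(jwk: dict) -> str:
    # RFC 7638: SHA-256 over the required members only, sorted, no whitespace.
    members = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def acme_identifier_value(token: str, account_jwk: dict) -> bytes:
    # Key authorization (RFC 8555) = token "." thumbprint; the certificate carries
    # its SHA-256 digest as a DER OCTET STRING (tag 0x04, length 0x20).
    key_auth = f"{token}.{jwk_thumbprint(account_jwk)}"
    return b"\x04\x20" + hashlib.sha256(key_auth.encode()).digest()

def validate(domain: str, token: str, account_jwk: dict, observed: dict) -> list:
    """Return the reasons validation fails; an empty list means it passes."""
    problems = []
    if observed["alpn"] != ACME_TLS_ALPN:
        problems.append("server did not negotiate acme-tls/1")
    if observed["san_dns_names"] != [domain]:
        problems.append("certificate SAN is not exactly the validated domain")
    ext = observed["extensions"].get(ACME_ID_OID)
    if ext is None:
        problems.append("acmeIdentifier extension missing")
    elif not ext["critical"]:
        problems.append("acmeIdentifier extension not marked critical")
    elif not hmac.compare_digest(ext["value"], acme_identifier_value(token, account_jwk)):
        problems.append("acmeIdentifier does not match this account and token")
    return problems

# Constructed sample data (not a real key, token, or domain).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256", "x": b64url(b"\x01" * 32), "y": b64url(b"\x02" * 32)}
OTHER_JWK = dict(ACCOUNT_JWK, x=b64url(b"\x03" * 32))
TOKEN = "constructed-token-0001"
DOMAIN = "example.com"

def observed_from(jwk: dict) -> dict:
    # What the validator sees after resolving DOMAIN's A/AAAA records and connecting on 443.
    return {"alpn": ACME_TLS_ALPN, "san_dns_names": [DOMAIN],
            "extensions": {ACME_ID_OID: {"critical": True, "value": acme_identifier_value(TOKEN, jwk)}}}

if __name__ == "__main__":
    print(validate(DOMAIN, TOKEN, ACCOUNT_JWK, observed_from(ACCOUNT_JWK)))
    print(validate(DOMAIN, TOKEN, ACCOUNT_JWK, observed_from(OTHER_JWK)))
```

The second call models a server at the resolved address that answers for a different ACME account: the digest does not match, so pointing records at an address proves nothing unless the server there holds the expected account key and token.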
