May 7, 2025 – Introducing HTTP and DNS TXT Record Validation for Default Certificates

We're pleased to introduce a new validation capability for Default certificates in General Availability. Now you can validate your Default certificates using HTTP and DNS TXT records, bringing additional flexibility to certificate management workflows.

To expand certificate validation options, we’re adding HTTP-01 validation to our Default DV certificate. It addresses a critical need for those with complex hosting environments or limited DNS management capabilities. While our recommended Auto DNS validation method works well for many use cases, HTTP-01 validation provides an alternative path that solves specific deployment challenges.

What's New

  • DNS TXT record validation option for Default DV certificates
  • Support for HTTP-01 validation method for Default DV certificates
  • Particularly beneficial for SaaS providers and multi-CDN use cases

Benefits

  • Streamlined certificate validation process
  • Greater flexibility in how you validate domain ownership
  • Improved support for complex hosting scenarios
  • Enhanced options for SaaS providers and multi-CDN deployments

How to Access

After activation, advanced validation tokens will be displayed in your certificate workflows. For existing completed certificate workflows, this feature may show as “Not available” until you initiate a new certificate request.

Wildcard support

  • We don't support HTTP-01 validation for wildcard certificates.
  • Let’s Encrypt only supports DNS validation for wildcard certificates.

Slot Matching Incompatibility

Auto HTTP validation constraint: this feature is not compatible with legacy Slot Matching configurations. If your properties use Slot Matching (a deprecated technique in which multiple hostnames share the same metadata configuration), you must follow this two-step migration process to avoid service disruption:

  1. Add the hostname as an exact match on a property with cert type CPS_MANAGED and complete the activation.
  2. Only after confirming successful activation, change the hostname cert type from CPS_MANAGED to DEFAULT.

Completing the steps in this order prevents potential service disruptions that could occur during certificate validation. If you're unsure whether your configuration uses Slot Matching, please contact your Akamai representative before proceeding.

To learn more about the feature, check out the documentation:

Questions

If you have any questions about this release, please contact your Akamai representative or submit a ticket through Control Center.