Add a hostname with a Default DV certificate (LA)

Easily secure client requests by creating and provisioning a Default Domain Validation (DV) certificate when you add a hostname to a property.

Before you begin

In Property Manager, create a brand new property or edit an existing one.

How to

  1. In the Property Manager Editor, in the Property Hostnames panel, click +Hostnames>Add Hostname(s).

  2. In the Add Hostname(s) field, enter the hostnames you want to use and click Next. The names don't need to contain https://, just the domain.


You can add multiple hostnames by pasting them into the field. If you do, each value needs to be separated by a space or comma, or contained on separate lines. Duplicate names are skipped.

  1. To request a new certificate, make sure Automatically request certificates is On.

  2. Select the Deployment network. You can choose Standard TLS or Enhanced TLS. For more information, see Compare the security levels.

  3. Click Validate Certificate Domains to verify that you own the domain of the hostnames you are adding. The list displays the ACME CNAME records you need to add to your DNS.

  4. Click Copy all DNS Records. The records are copied in a comma-separated format.

  5. Copy the records to your DNS.

  6. Click Next.

  7. If applicable, specify the desired Mapping Solution. If none of the following apply to you, skip to the next step.


You can only select one Mapping Solution—you can enable Edge IP Binding, or select a Use Case, but not both.

  1. Click Next. Select the checkboxes next to property hostnames you want to configure edge hostnames for. You can apply your edge hostname settings to multiple property hostnames at the same time.

    • Create. With this option selected, you can define a fully custom edge hostname and select a different domain.
    • Select existing. Select this option if you want to associate your property hostname with an existing edge hostname.
    • Custom. Select this option to manually input a CNAME target to be used in the association. Contact your account representative for further details on the proper use of this field, and whether it applies to your environment configuration.
  2. Select the appropriate IP version, based on what your application or site can support.

  3. Once you complete selecting your hostname options, click Submit.

  4. Review the information in the Success window and apply its instructions as required. Click Close.

You can view all details for a hostname in the Property Hostnames panel by expanding a particular row.


You can provision up to 50 Default DV certificates per hour. If you exceed that limit, Property Manager automatically queues and processes the remaining certificates in the next batch.

Certificate renewal

Default DV certificates will renew automatically as long as the _acme-challenge record in your DNS points to the provided target validation hostname. You should configure the Expired default certificate alert to get notified each time a certificate expires.

Configure alerts for your certificates

After you activate the property, you need to set up certificate-related notifications.


While these alerts are automatically generated for CPS-managed certificates, you need to create them manually for Default DV certificates. Otherwise, you won't receive any notifications about certificate expiration or issues with domain validation.

In ​Control Center​, go to the Alerts application. In the Select alert type field, type these names:

  • Expired Default certificate – this alert notifies you that a Default DV certificate is expired. To make sure it renews automatically, verify your DNS includes the CNAME record with the ACME validation challenge you copied in steps 5 through 7.
  • Expired Default certificate removal – this alert notifies you that an expired Default DV certificate will be removed from the network.
  • DNS does not contain an authorized certificate authority – this alert notifies you when the Default DV certificate cannot be issued because Let’s Encrypt is not an authorized certificate authority in your DNS.
  • Domain validation failed – this alert notifies you when a Default DV certificate cannot be issued because DNS validation failed.
  • Certificate’s domain is blocked – this alert notifies you when a Default DV certificate cannot be issued because the domain is blocked by the certificate authority Let’s Encrypt.

For complete steps, see Create an alert.