Prove domain ownership

For every domain you set up as a property hostname, you need to prove ownership to ​Akamai​. This strengthens security and prevents other customers from using your domain to serve traffic over ​Akamai​ edge network.

Domain validation is initially optional at launch to give you time to familiarize yourself with the process. However, in alignment with industry best practices, it will be progressively enforced over the next several months. Domain validation will eventually become mandatory for all newly onboarded domains. New customers will be automatically enrolled in the enforced mode, while existing customers will transition gradually.

📘

Another way to validate ownership of the domains you set up as property hostnames is through the Domain Ownership Manager (DOM) application. You can save time by preemptively completing the validation process in DOM and have everything ready when it's time to activate a property version in Property Manager.

Validation overview

In Property Manager, the validation process starts when you add a new property hostname. You copy the information from the UI to your DNS or HTTP server, depending on the preferred validation method. You need to finalize the validation before activating the property version. Once complete, the domain validation doesn’t expire and you don’t need to renew it.

While this check won't be enforced for all customers at launch, domain validation will eventually become mandatory, and failure to complete it may result in blocked activations.

Compare validation scopes

You can prove domain ownership using an integrated flow within Property Manager that covers exact hostname and domain level validations, or with the independent Domain Ownership Manager (DOM) application that additionally offers the wildcard validation scope.

Compare how each scope handles domain and subdomain validation, with examples for clarity:

Property Manager

ScopeDescriptionExample
HostValidates only the added hostname. Subdomains require separate validation. No additional steps needed beyond adding and validating.Validates: 123.blog.example.com
Does not validate: example.com, blog.example.com
DomainBy using "*", validates the top-level domain and all subdomains at any depth. Equivalent to Domain Ownership Manager's Domain scope.Validates: example.com, blog.example.com, 123.blog.example.com, x.123.blog.example.com

Domain Ownership Manager

ScopeDescriptionExamples
HostValidates only the added hostname. Subdomains, sibling domains and parent domains require separate validation.Validates: 123.blog.example.com
Does not validate: example.com, blog.example.com
WildcardValidates one level of subdomains under the top domain. Deeper subdomains require separate validation.Validates: blog.example.com, 123.example.com
Does not validate: xyz.blog.example.com
DomainValidates the top-level domain and all subdomains at any depth.Validates: example.com, blog.example.com, 123.blog.example.com, x.123.blog.example.com

View validation challenges

When you add or edit a hostname in Property Manager, the Domain and Certificate Security step shows necessary information for all available validation methods. Here you can also check the validation status.

To view the validation details for existing hostnames:

  1. Go to the Property Manager Editor.
  2. In the Property Hostnames section, click Actions.
  3. Click Prove ownership.

You can check validation challenges for all available methods.

Validation methods

There are three methods you can use to prove domain ownership to ​Akamai​.

DNS CNAME

In this method, ​Akamai​ generates a CNAME record that you copy to your DNS to automatically handle domain validation challenges and certificate renewal. The DNS CNAME method is recommended in most cases.

📘

If you’re using a default certificate, you need to update your DNS only once and it will both validate your certificate and prove domain ownership to ​Akamai​.

Use this method when:

  • You have direct control over your DNS records.
  • You want to validate an exact host or entire domain and all subdomains at any depth.
  • You are using a default certificate, which lets you use a DNS CNAME record for both the certificate and domain validation.

Don't use this method when:

  • You don’t have control over your DNS records.
  • You are using multiple CDNs.
  • You are not using a default certificate.

How to:

  1. Add a hostname to your property version.
  2. At the Domain and Certificate Security step, select DNS CNAME. See how to view validation challenges of already added hostnames.
  3. Copy or download the validation challenges. Expand the hostname row to view all the details.
  4. In your DNS configuration:
    • Add a CNAME record: _acme-challenge.domainName. For a domain called example.com, the record should be _acme-challenge.example.com.
    • Paste the DNS CNAME you copied from the Property Manage UI as the target.

DNS TXT

In this method, ​Akamai​​ provides a challenge token that you use to set up a TXT record in your DNS configuration.

Use this method when:

  • You have direct control over your DNS records.
  • You want to validate an exact host or entire domain and all subdomains at any depth.
  • You are using multiple CDNs and want to manage domain validation through multiple TXT records in your DNS.

Don’t use this method when:

  • You don’t have control over your DNS records.
  • You don’t want to manually obtain a TXT token and add it to your DNS records for domain validation.

How to:

  1. Add a hostname to your property version.
  2. At the Domain and Certificate Security step, select TXT. See how to view validation challenges for existing property hostnames.
  3. Expand the hostname row to view all the details. Copy or download the validation challenges.
  4. In your DNS configuration:
    • Add a TXT record. Example: _akamai-domain-challenge.example.com.
    • Add the challenge token you copied from the Property Manager UI. The format can be either “token=1234….5678” or “1234….5678”.

HTTP

In this method, you create a file containing a token and save it on your origin server at the provided URL. This method is available for hosts (single hostnames).

Use this method when:

  • You don’t have access to a DNS zone.
  • You’re using multiple CDNs. In this Multi-CDN scenario, you need to manage domain validation through files on the origin server.

Don’t use this method when:

  • You want to validate an exact hostname.
  • You don’t want to manually obtain the new challenge tokens from ​​Akamai​ and add them to a file on your origin server.

How to:

  1. Add a hostname to your property version.
  2. At the Domain and Certificate Security step, select HTTP. See how to view validation challenges of already added hostnames.
  3. Expand the hostname row to view all the details. Copy or download the validation challenges.
  4. Create a plain text file with the challenge token and place the file on your HTTP server, in the location given as the URL in the Property Manager UI. Make sure the file doesn't have any extension.
    cd <web-server-www-root>  
    mkdirs /.well-known/akamai/akamai-challenge  
    echo -n "your-verification-token" > /web-server/.well-known/akamai/akamai-challenge/<challenge-path-token>
    

See also