SSL certificate maximum validity is being reduced to 200 days from March 2026. Read more →

SSL Certificates

Cheap SSL DV SSL Wildcard SSL Multi-Domain (SAN) OV & EV SSL

Specialty Certificates

Code Signing Document Signing Email / S/MIME VMC / BIMI
In effect now Certificate Lifetime

Automation

Overview Auto DNS FairSSL vs Let's Encrypt

Platforms

Windows Setup Linux & Kubernetes Appliances ACME Clients

Tools

SSL Scanner Certificate Decoder CAA Generator

Guides

Windows Server Linux & Open Source All guides

Company

About Us Contact Installation Service
News

Language

Dansk Svenska English

Currency

Login Create Account

SSL Automation

Auto DNS: automated domain validation

With FairSSL Auto DNS you create a single DNS CNAME record per domain, and we handle all domain validation automatically. No manual validation steps, no expired tokens, no delays on renewal.

How it works

1

You create a CNAME record in your DNS

Point _dnsauth.your-domain.com to your unique Auto DNS address (shown in the FairSSL portal).

2

FairSSL handles validation automatically

When a CA (DigiCert, RapidSSL, GeoTrust, Thawte) needs to validate your domain, FairSSL Auto DNS automatically responds to the DNS challenge via the CNAME pointer.

3

Permanent and automatic

The CNAME record is permanent. All future certificate issuances and renewals on the domain from your FairSSL account are validated automatically, without any action required from you.

DNS setup

In the FairSSL portal you will find your unique Auto DNS destination. Create the following CNAME record with your DNS provider:

Hostname / Name: _dnsauth.your-domain.com TTL: 600 Type: CNAME Destination: your-unique-value.autodns.fairssl.dk

Tip: Trailing dot

Some DNS servers require a dot (.) at the end of the destination to prevent your domain name from being appended automatically. In that case use your-unique-value.autodns.fairssl.dk.

Verify your setup

Once the CNAME record is created, you can verify that it works using nslookup or Google Dig:

nslookup -type=CNAME _dnsauth.your-domain.com

The result should show a CNAME with a target of your-unique-value.autodns.fairssl.dk. When it does, Auto DNS is ready to use.

You can also use the built-in DNS check in the FairSSL portal, which automatically verifies your CNAME configuration and provides error messages if something is misconfigured.

Supported CAs and brands

Auto DNS works with all DigiCert products and DigiCert brands:

DigiCert
...
Thawte

DigiCert brand

Auto DNS is also used in the FairSSL ACME solution for automatic validation of DigiCert brands.

Benefits of Auto DNS

Set up once

One CNAME per domain. After that, validation is automatic for all certificates and renewals.

No firewall openings

Auto DNS uses DNS validation, so it works behind firewalls, load balancers and reverse proxies.

No DNS API keys

Auto DNS does not require each ACME client to modify your domains' DNS, which improves security.

Supports wildcards

Wildcard certificates require DNS validation. Auto DNS handles it automatically.

Faster issuance

No waiting for manual validation. DV certificates are issued in under 2 minutes and under 15 seconds via ACME.

Hands-free renewal

Certificates can be renewed automatically without anyone needing to approve or click anything.

Multiple domains, one account

All domains with a CNAME pointing to your account are validated automatically. Add new domains any time.

Get started

Your unique Auto DNS destination can be found in the FairSSL customer portal. Log in and navigate to Auto DNS under your domain. If you need help setting up or verifying your DNS configuration, contact our support by email or phone.

Go to portal Contact support

Questions about Auto DNS

Find answers to the most common questions about SSL certificates and FairSSL.

Auto DNS works with all DigiCert products and DigiCert brands (RapidSSL, GeoTrust, Thawte). It covers all validation levels (DV, OV and EV) from these four CAs. Auto DNS is also used in the FairSSL ACME solution for DigiCert brands.
No. One CNAME per domain is enough. Once the CNAME record is created, it applies to all future certificates and renewals on that domain. You do not need to touch DNS again.
Without the CNAME record, FairSSL cannot validate the domain automatically. You will need to complete manual DNS or HTTP validation for the next certificate issuance or renewal.
Yes. Wildcard certificates require DNS validation, and Auto DNS handles this automatically. Create the CNAME for the base domain (e.g. _dnsauth.example.com), and it covers both example.com and *.example.com.

Ready for automated domain validation?

Create a free account and issue your first certificate in under 10 minutes.

Create free account Compare certificates