Auto Domain Validation

This behavior enables the automatic renewal of Standard TLS Domain Validated certificates.

With Domain Validation (DV), the applicable certificate authority (CA) validates that you have control of the domain. (DV is the lowest level of validation.) The Certificate Provisioning System supports DV certificates issued by Let’s Encrypt, an automated, and open CA that is run for public benefit. Certificate expiration is typically as follows:

  • Akamai-managed DV certificates expire in 90 days.
  • Renewals for Akamai-managed DV certificates start 16 days prior to expiration.
  • A third party, customer-supplied, DV certificate can expire whenever the applicable certificate authority determines it expires; this behavior is not necessary for customer-supplied DV certificates.

When should I include this behavior?

If you are using Standard TLS DV certificates for the hostnames in this property, you should include this behavior to enable automatic renewal of the certificate. If you leave this behavior out, the certificate could expire, and HTTPS traffic will be served with certificate errors.

This behavior is not required for any Enhanced TLS certificates.

How is this behavior supported?

You can include this behavior in your property in multiple ways:

  • You can include it in the Default Rule. In this case, it is applied to all requests for all resources associated with this property.
  • You can include it in a supplemental rule. This allows you to set up a custom rule that only applies to specific requests for resources associated with this property. This rule must use only the "Hostname" condition match criteria.
  • It can be applied in multiple rules. Rule priority applies, with rules lower in the order taking precedence.
  • There might be an issue if an incoming request matches another "redirect" behavior. Assume that the incoming request matches another behavior you have in your property that results in a redirect operation similar to what applies with this behavior. If so, the operation that takes precedence depends on where the behavior is in the property.
    • If you are using a similar behavior, ensure that that behavior exists in a rule that is higher in ordering.
    • You should test on your configuration on staging by making a request to www.yourdomain.com/well-known/acme-challenge/some_random_token.