DZC TXT record settings for Godaddy SSL Addon Domain SANs

DZC TXT record settings for Godaddy

So we ran into an issue with an SSL certificate that we wanted to install for a client, where we had access to the addon domain, but not for the root domain. We are hoping this finds those who are in need of the same help.  There were two problems we encountered even with the assistance of GoDaddy support.

1.  Entering the right TXT record on the domain DNS settings for verification of SSL.  View misleading Godaddy instructions view here.
2.  Entering the domains on the SSL, specifically the SANs (Subject Alternative Name) for GoDaddy. View misleading Godaddy Instructions here:

Lets set-up the situation

• • The Domain and original hosting of this project was located outside of our account: Let’s call it www.client.com.
  • We built a new website under our own hosting (for maintenance reasons).  Let’s call it www.agency.com.
  • For simplicity and not knowing we were going to be adding a SSL certificate, we created an addon domain to one of our general accounts. The addon domain was the same name as the clients (www.client.com) and when we launched, we pointed their domain to our root. Easy Peasy, Lemon Squeezy!
  • When the time came to install an SSL, this is where things got tricky.  Yes, we would need a multi-site SSL since we had used an addon domain. (We were planning on building a couple more sites under that account in the future)  For the SSL verification we had access to our general account name, but the Client’s Addon Domain was owned by someone else, with no access to the whois email.  No problem right?  Wrong.
  • Setting up the SSL with Godaddy’s bare minimum, and very misleading instructions on-line,  took forever, and about a dozen searches.  Which is why I hope you have reached this post to save time.

Let’s go through the process of adding a TXT record on the domain we are trying to verify outside of your account (without whois domain email contact).

FROM GODADDY:

Log into the account where domain is located and use the following information to create your TXT record on the domain you want to verify for SSL.

WHAT THEY REALLY MEAN:

• Use the following information to create your TXT record:

There was a big unknown of whether to enter just DZC, or include the root domain in the DZC – dzc.rootdomain.com or add only the subdomain – dzc.subdomain.com or maybe the full sub and root together – dzc.subdomain.rootdomain.com

Solved: Enter DZC.THE-ROOT-DOMAIN-FOR-THE-SSL.COM.

Multiple Domain (UCC) SSL Addon Domain

THE NEW PROBLEM:

When we added the domains on the Multiple Domain (UCC) SSL certificate we added the root domain (agency.com), which we can do right through GoDaddy.  Easy Peazy! Then we added the SAN domain (client.com) When it came time to verify the addon domain it took forever – especially with the GoDaddy directions listed above – but it finally did approve.  Then we seen the dreaded Certificate error in the url of our website. We checked the certificate with an SSL checker, https://www.sslshopper.com/ssl-checker.html, everything looked good.  GoDaddy checked it and everything looked good – We had already changed all the URLS over to https and people are going to the site and getting certificate errors!

The Aha Moment

While I’m talking with GoDaddy on the phone, I look at the certificate error closely. It revealed that it is issued to the root domain agency.com, www.agency.com and SAN of client.com. OUR WEBSITE RESIDES AT WWW.CLIENT.COM!!!!

SOLVED – The main domain on a Multiple Domain (UCC) SSL certificate will automatically protect www and non-www versions of the domain, HOWEVER the SAN will only protect the version you specify, so in our case the www version.

The fix, would be to

1) change all instances in the website, database, and .htaccess SSL redirect to non-www (also webmaster tools-Search Console).

or

2) Modify the Multiple Domain (UCC) SSL certificate by dropping the non-www version and adding the www version. Which we did.  It had to re-issue the certificate and it took about 10 minutes to re-verify everything.

Here’s another tip in case you are still going through the SSL process:

1) HTACCESS SSL REDIRECT FOR WORDPRESS SITE AND GODADDY HOSTING

add this to your .htaccess file to direct all traffic to SSL

RewriteEngine On

RewriteCond %{SERVER_PORT} 80

RewriteRule ^(.*)$ https://AddYourDomainHere.com/$1 [R,L]

2) CHANGE WORDPRESS AND SITE ADDRESS TO CHANGE THE URLS ON MEDIA FILES, ETC.

-UNDER SETTINGS – GENERAL TAB

3) RUN VELVET UPDATE URLS PLUGINS, AND REPLACE ALL URLS, EVEN GUIDS (unless you do use the old domain in posts, such as outlinks)