DNS Approval
DNS approval requires you to publish a DNS record under each hostname for which you want to obtain a certificate. For example, acquiring a certificate for host.example.com may require publishing a record at _d41d8cd98f00b204e9800998ecf8427e.host.example.com. The certificate authority queries for the record and only issues a certificate if the correct record is found.
Because the record is the proof of control over the hostname, anyone who can publish records in the zone can obtain certificates for the names in it, so treat the credentials of any DNS integration accordingly.
If you integrate SSLMate with your DNS provider, SSLMate will automatically add the DNS record, allowing fully automated provisioning and renewal of certificates.
Supported DNS providers
SSLMate integrates with the following DNS providers:
- Azure
- Cloudflare
- DNSimple
- DNS Made Easy
- DigitalOcean
- Gandi
- Google Cloud DNS
- Linode
- Name.com
- NS1
- Route 53
To integrate with one of these providers, visit your integrations page.
How to use DNS approval
First, visit your integrations page to integrate SSLMate with the DNS providers which host the domains for which you need to obtain certificates.
Then, specify the --approval=dns flag when ordering a certificate with the sslmate command, or set the approval field to dns when ordering a certificate with the REST API.
SSLMate will automatically publish the required DNS record under your domain. When the certificate renews, SSLMate will add another record to automatically approve the renewal. When a record is no longer required, SSLMate will remove it.
To change an existing certificate to use DNS approval, run:
sslmate edit NAME --approval=dns
Manual DNS approval
If SSLMate doesn't support your DNS provider, you can add the DNS record manually.
Pass the --approval=dns option to sslmate buy. sslmate will display a DNS record, in standard zone file format, which you must add to your DNS. Once added, press enter to complete your purchase.
Once the DNS record is published, leave it in place as long as the certificate is still in use, since it will be re-verified when your certificate renews. Note that rekeying a certificate requires you to replace the DNS record with a new one. Renewing a certificate will reuse the existing DNS record.
To verify that the DNS records for a certificate are correctly published, run:
sslmate retry-approval NAME
If the records are not correctly published, SSLMate will output them again. If they are correctly published, SSLMate will proceed to issue the certificate.
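Before pressing enter in a manual DNS approval, or running sslmate retry-approval, it is worth confirming that the record is visible on every authoritative name server for the zone and not just in your own resolver's cache, since the CA may query any of them. The following script is an added example and is not part of SSLMate or its documentation: it parses the zone-file-format line that sslmate prints and checks it against each authoritative server. The record type, TTL and rdata used in the sample line are constructed values, not what SSLMate will print for your order, and the live lookup assumes the dnspython package is installed.

```python
"""Pre-check for a manually published DNS approval record.

Added example, not SSLMate's own code. Parses a record in zone file format
(name [ttl] [IN] TYPE rdata) and checks that every authoritative server for
the zone serves it. Sample record values in this file are constructed.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# name [ttl] [IN] TYPE rdata  (TTL and class are optional in zone files)
_ZONE_LINE = re.compile(
    r"^\s*(?P<name>\S+)\s+(?:\d+\s+)?(?:IN\s+)?(?P<type>[A-Za-z]+)\s+(?P<rdata>.+?)\s*$"
)


@dataclass(frozen=True)
class ZoneRecord:
    name: str    # owner name, lower-cased, with trailing dot
    rtype: str   # record type, upper-cased
    rdata: str   # normalised rdata (see normalise_rdata)


def fqdn(name: str) -> str:
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def normalise_rdata(rtype: str, rdata: str) -> str:
    """Canonicalise rdata so a printed record and a resolver answer compare equal."""
    rdata = rdata.strip()
    if rtype == "TXT":
        # Join all quoted character-strings; servers may split long TXT data.
        parts = re.findall(r'"((?:[^"\\]|\\.)*)"', rdata)
        return "".join(parts) if parts else rdata
    if rtype in ("CNAME", "NS", "PTR"):
        return fqdn(rdata)  # domain names compare case-insensitively
    return rdata


def parse_zone_line(line: str) -> ZoneRecord:
    """Parse the single record line that sslmate displays."""
    m = _ZONE_LINE.match(line)
    if not m:
        raise ValueError(f"not a zone file record: {line!r}")
    rtype = m.group("type").upper()
    return ZoneRecord(fqdn(m.group("name")), rtype, normalise_rdata(rtype, m.group("rdata")))


# A lookup maps (name, rtype) to {server: [rdata, ...]}; an empty list means
# that server returned no such record (NXDOMAIN, NODATA, error or timeout).
Lookup = Callable[[str, str], Dict[str, List[str]]]


def check_record(rec: ZoneRecord, lookup: Lookup) -> Dict[str, bool]:
    """Per-server view: does each authoritative server serve the expected record?"""
    answers = lookup(rec.name, rec.rtype)
    return {
        server: any(normalise_rdata(rec.rtype, a) == rec.rdata for a in rdatas)
        for server, rdatas in answers.items()
    }


def is_published(rec: ZoneRecord, lookup: Lookup) -> bool:
    """True only when every authoritative server answers with the record.
    The CA may ask any of them, so one lagging secondary counts as a failure."""
    status = check_record(rec, lookup)
    return bool(status) and all(status.values())


def authoritative_lookup(name: str, rtype: str) -> Dict[str, List[str]]:
    """Query the zone's own authoritative servers, bypassing recursive caches.
    Needs dnspython (pip install dnspython); imported lazily so the parser
    and checks above work without it."""
    import dns.message, dns.query, dns.rdatatype, dns.resolver  # noqa: E401

    zone = dns.resolver.zone_for_name(name)
    wanted = dns.rdatatype.from_text(rtype)
    result: Dict[str, List[str]] = {}
    for ns in dns.resolver.resolve(zone, "NS"):
        host = ns.target.to_text()
        try:
            addr = dns.resolver.resolve(host, "A")[0].to_text()
            resp = dns.query.udp(dns.message.make_query(name, rtype), addr, timeout=5)
            result[host] = [rd.to_text() for rrset in resp.answer
                            if rrset.rdtype == wanted for rd in rrset]
        except Exception:  # timeout, SERVFAIL, unresolvable NS: not published there
            result[host] = []
    return result


if __name__ == "__main__":
    import sys
    # Paste the record line printed by `sslmate buy --approval=dns` on stdin.
    rec = parse_zone_line(sys.stdin.readline())
    status = check_record(rec, authoritative_lookup)
    for server, ok in status.items():
        print(f"{server:40} {'OK' if ok else 'MISSING'}")
    sys.exit(0 if status and all(status.values()) else 1)
```

Exit status 0 means every authoritative server returned the record and it is safe to press enter or run sslmate retry-approval; a MISSING line usually means a secondary has not yet picked up the zone change, and pressing enter now risks the CA's query landing on that server.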