Alt DCV Checker
Look up common DNS domain control validation records used during certificate issuance.
About the Alt DCV Checker
Before a certificate authority issues a TLS certificate, it must prove you control the domain. The Alt DCV Checker scans public DNS for common validation records: ACME _acme-challenge TXT and CNAME, _dnsauth, legacy _pki-validation, Cloudflare custom hostname tokens, and CAA policy records at the apex.
This helps during issuance debugging when a CA reports DNS validation pending, when migrating from HTTP validation to DNS-01, or when confirming a challenge token was published to the correct host. HTTP based validation (.well-known paths) is not checked here; use HTTP Header Checker or SSL Checker for live origin behavior.
The domain you enter is sent to our server, which queries DNS over HTTPS. We do not store lookups. Absence of records usually means validation is HTTP based, not yet published, or already completed and removed.
Reach developers and designers who use these tools every day. Privacy-first, no trackers.
Frequently asked questions
What is domain control validation?
CAs require proof you control a hostname before signing a certificate. Common methods are HTTP file upload, DNS TXT or CNAME records, or email to administrative addresses.
Why is _acme-challenge empty?
ACME DNS-01 tokens are often temporary. If you use HTTP validation instead, or validation already finished, no _acme-challenge record will be present.
What are CAA records?
Certification Authority Authorization DNS records list which CAs may issue certificates for your domain. They are policy, not a challenge token.
Is my domain stored?
No. Our server performs the DNS lookup and returns results without persisting the domain.
Does this validate my certificate?
No. It only shows whether common DCV DNS records exist right now. For the live certificate on a host, use SSL Checker.