Embedded Files
Before any certificate authority hands over an SSL certificate, they need proof you actually own the domain. Usually, this means uploading a file to your server, adding a DNS record, or clicking a verification link in an email. AutoInstall SSL keeps things simple by defaulting to file validation—it's quick and gets your certificate issued fast.
But sometimes file validation just won't cut it. Maybe you've got multiple servers sitting behind a load balancer, or your server isn't publicly accessible yet. That's when DNS validation becomes your best friend. The good news? AutoInstall SSL plays nicely with several major DNS providers and can handle the DNS validation process automatically.
Not sure who manages your DNS? Run a quick nameserver lookup at dnschecker.org to find out.
Why DNS Validation Matters
Why DNS Validation Matters
DNS validation gives you flexibility when the standard file-based approach hits a wall. Instead of needing direct server access, the validation happens at the DNS level—perfect for complex setups or pre-production environments.
When you're managing DNS records anyway, having a solution that integrates directly with your provider makes the whole process smoother. If you're looking for a DNS provider that combines reliability with straightforward API access, 👉 check out DNS Made Easy's powerful DNS management platform for seamless certificate validation workflows.
Setting Up DNS Validation by Provider
Setting Up DNS Validation by Provider
Each DNS provider has its own way of handling API credentials. Below you'll find the exact arguments and sample commands for each supported provider—just copy the command and swap out the bracketed placeholders with your actual values.
Cloudflare
Cloudflare
Cloudflare requires an API token with specific permissions. Here's what you need:
Required arguments:
--validationtype dns
--validationprovider cloudflare
--cloudflareapitoken (your API token)
Windows command:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider cloudflare --cloudflareapitoken [APIToken]
Linux command:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider cloudflare --cloudflareapitoken [APIToken]
Getting your API token:
Head to your Cloudflare profile page and click API Tokens. Hit Create Token, then use the "Edit zone DNS" template. Set Zone Resources to "All zones" and add User + User Details + Read permissions. This lets AutoInstall SSL enumerate your zones and pick the right one for parent or subdomains.
GoDaddy
GoDaddy
Fair warning: GoDaddy only enables API access for accounts meeting certain minimums. If you've got access, here's how to set it up:
Required arguments:
--validationtype dns
--validationprovider godaddy
--apikey (your API key)
--apisecret (your API secret)
Windows command:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider godaddy --apikey [APIKey] --apisecret [APISecret]
Linux command:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider godaddy --apikey [APIKey] --apisecret [APISecret]
Generate your API keys at developer.godaddy.com/keys.
DNS Made Easy
DNS Made Easy
DNS Made Easy keeps things straightforward with API key and secret authentication. For teams already using DNS Made Easy's robust infrastructure, the integration is especially smooth since you're working within a platform designed for enterprise-grade DNS management.
Required arguments:
--validationtype dns
--validationprovider dnsmadeeasy
--apikey (your API key)
--apisecret (your API secret key)
Windows command:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider dnsmadeeasy --apikey [APIKey] --apisecret [APISecret]
Linux command:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider dnsmadeeasy --apikey [APIKey] --apisecret [APISecret]
Getting your credentials:
Log into your DNS Made Easy control panel and navigate to Config > Account Information. You'll need primary user access to view API keys. If credentials aren't displayed, check the box to generate new API credentials and save.
Microsoft Azure DNS
Microsoft Azure DNS
Azure requires several pieces of information from your Entra ID setup:
Required arguments:
--validationtype dns
--validationprovider azure
--azuretenantid (Tenant ID)
--azureclientid (Application/client ID)
--azuresecret (Application secret)
--azuresubscriptionid (Subscription ID)
--azureresourcegroupname (Resource group name)
--azurehostedzone (Hosted zone name)
Windows command:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider azure --azuretenantid [TenantId] --azureclientid [ClientID] --azuresecret [Secret] --azuresubscriptionid [SubscriptionID] --azureresourcegroupname [ResourceGroupName] --azurehostedzone [HostedZone]
Linux command:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider azure --azuretenantid [TenantId] --azureclientid [ClientID] --azuresecret [Secret] --azuresubscriptionid [SubscriptionID] --azureresourcegroupname [ResourceGroupName] --azurehostedzone [HostedZone]
Setup steps:
In Microsoft Entra ID, create a new app registration called "AutoInstall SSL" (leave redirect URI blank). Grant the application DNS Zone Contributor access to the subscription containing your domain's DNS zone.
AWS Route 53
AWS Route 53
Route 53 uses access keys for authentication:
Required arguments:
--validationtype dns
--validationprovider route53
--route53accesskeyid (Access Key ID)
--route53secretaccesskey (Secret Access Key)
Windows command:
AutoInstallSSL.exe installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider route53 --route53accesskeyid [AccessKeyID] --route53secretaccesskey [SecretAccessKey]
Linux command:
sudo runautoinstallssl.sh installcertificate --token [AutoInstall SSL Token] --validationtype dns --validationprovider route53 --route53accesskeyid [AccessKeyID] --route53secretaccesskey [SecretAccessKey]
Getting credentials:
Open the AWS management console, click your profile at the top right, and select Security credentials. Under Access Keys, create a new access key and download your credentials immediately.
Keeping Your Credentials Current
Keeping Your Credentials Current
DNS provider credentials change—whether from security rotations or account updates. When that happens, you can update the credentials AutoInstall SSL uses without starting from scratch. Just rerun the installation command with your new credentials, and AutoInstall SSL will pick up where it left off.
The key is choosing a DNS provider that makes both management and API integration painless. When you need reliable DNS services with straightforward API access for certificate validation and beyond, 👉 explore what DNS Made Easy offers for streamlined DNS operations across your infrastructure.
Page updated
Google Sites
Report abuse