Use Auto SSL
Let CDN.com.tr request and renew certificates after DNS and verification are ready.
CDN.com.tr Help
Issue a certificate before switching DNS (zero downtime)
Get a valid wildcard certificate ready while your domain still points to the old provider, so HTTPS works from the first second after the DNS switch.
SSL certificates
Issue a certificate before switching DNS (zero downtime)
Get a valid wildcard certificate ready while your domain still points to the old provider, so HTTPS works from the first second after the DNS switch.
Panel path
- Management Panel
- CDN
- Distribution Settings
- Domain row SSL shield
- Issue a new certificate — no downtime
- Add TXT record at current DNS provider
- Check propagation
- Verify and issue
- Automatic deploy
Use cases
A customer is about to move a live production domain behind CDN.com.tr and cannot accept the usual 5–15 minute HTTPS gap while the automatic certificate is issued after the switch.
Workflow
- Open Distribution settings and click the SSL shield on the domain row.
- Choose "Issue a new certificate — no downtime".
- The wizard finds the root domain on the account and prepares a wildcard certificate request covering all subdomains.
- Copy the DNS TXT record(s) shown by the wizard and add them at your current DNS provider. Two values under the same record name are normal — add both.
- Click Check Propagation until the records are confirmed (usually 1–15 minutes).
- Click Verify with Let's Encrypt, then Issue Certificate. The certificate deploys to the CDN edges automatically.
- Switch your DNS whenever you are ready; the domain is served over HTTPS immediately.
Checks
- The TXT record name is always based on the root domain (for example `_acme-challenge.example.com`), even when you start from a subdomain.
- The issued certificate is a wildcard covering the root domain and all first-level subdomains.
- The certificate cannot renew automatically while DNS stays outside CDN.com.tr — re-run the wizard or move DNS before it expires (about 90 days).
Frequently asked questions
Why are there two TXT values with the same name?
A wildcard certificate needs two separate validations — one for the root domain and one for the wildcard. Both values must exist at the same time under the same record name; add them as two separate TXT records.
Check Propagation keeps failing — what should I check?
Confirm the record name matches exactly (no double prefixes), both values are published, and enough time passed for your DNS provider TTL. You can verify with `dig TXT _acme-challenge.example.com` or an online DNS lookup tool.
Does this work if my domain is already on CDN DNS?
If the domain is already fully transferred, you do not need this flow — Auto SSL issues and renews certificates without any manual TXT records.
Will the certificate renew automatically?
Not while your DNS is at another provider. Before the expiry date shown in the panel, either complete the Full DNS Transfer (renewal becomes automatic) or run this wizard again.
Related pages
Upload and attach a certificate
Use manual certificate files when the customer already manages the certificate externally.
Understand SSL status and fix common problems
Decode the SSL shield states on the domain list — active, queued, expired, waiting for redirect, needs attention — and the safe next step for each.