Back to app
Docs
Getting Started
DocumentationHow to Verify Your DomainSet Up the Agent
Concepts
What Is CNAME Delegation?

How to Verify Your Domain

Step-by-step instructions for adding a domain and completing verification.

Overview

Before QuietLS can manage SSL certificates for your domain, you need to prove that you own it. Domain verification is a one-time process: you create a special DNS record (a CNAME) that points to QuietLS, and QuietLS checks that the record exists. Once verified, your domain status changes to Active and you're ready to go.

For a deeper explanation of the underlying mechanism, see What Is CNAME Delegation?.

Prerequisites

  • A domain name you control (e.g. example.com).
  • Access to your domain's DNS settings — typically through your domain registrar or DNS provider (Cloudflare, Route 53, Namecheap, GoDaddy, etc.).

Step 1: Add Your Domain

  1. Log in to the QuietLS dashboard.
  2. Navigate to Domains and click Add Domain.
  3. Enter your domain name (e.g. example.com or *.example.com for a wildcard).
  4. Click Add.

Your domain appears in the list with the status Pending Verification.

Step 2: Copy the CNAME Record

After adding the domain, QuietLS generates a unique verification record for you. Open the verification dialog (click Verify next to your domain) and you will see two values:

TypeNameValue
CNAME_pki-validation.example.com<token>.verification.quietls.com
  • Name — always _pki-validation. followed by your domain.
  • Value — a unique token generated specifically for your account and this domain.
Use the copy buttons in the dashboard to avoid typos.

Step 3: Create the CNAME in Your DNS Provider

Log in to your DNS provider and create a new CNAME record with the name and value from Step 2.

General instructions

  1. Go to your DNS management page.
  2. Add a new record of type CNAME.
  3. In the Name (or Host) field, enter _pki-validation (some providers append your domain automatically; others require the full name _pki-validation.example.com).
  4. In the Value (or Points to / Target) field, paste the token value, e.g. a1b2c3d4e5f6...verification.quietls.com.
  5. Save the record.

Cloudflare users

If you use Cloudflare, make sure the Proxy toggle is set to DNS only (the gray cloud icon). Proxied records (orange cloud) will not resolve correctly and verification will fail.

Step 4: Verify

You have two options:

Verify immediately: Click the Verify Now button in the dashboard. QuietLS performs a DNS lookup right away and tells you the result.

Wait for automatic verification: QuietLS automatically checks for your CNAME record in the background — once per hour, for up to 5 hours after you add the domain. If the record is found during any of these checks, your domain is verified automatically.

What Happens After Verification

Once the CNAME record is detected and matches the expected value:

  • Your domain status changes from Pending Verification to Active.
  • A Verified At timestamp is recorded.
  • The domain is now ready for SSL certificate management.

If you added a wildcard domain (e.g. *.example.com), any subdomains you previously added (like api.example.com, cdn.example.com) are automatically grouped under the wildcard as children.

Troubleshooting

"CNAME record not found"

Possible causeWhat to do
DNS propagation delayDNS changes can take up to 24–48 hours to propagate globally, though most providers update within minutes. Wait and try again, or let automatic verification pick it up.
Wrong record nameDouble-check that the name is exactly _pki-validation.example.com. Some providers require just _pki-validation (they add the domain automatically).
Wrong record valueCopy the value directly from the dashboard using the copy button. The token is case-insensitive, but the full value must match exactly.
Cloudflare proxy enabledIf you use Cloudflare, switch the CNAME to DNS only (gray cloud). Proxied records are not visible as CNAME lookups.
Record type mismatchMake sure you created a CNAME record, not a TXT, A, or AAAA record.

Verification succeeded but status hasn't changed

This typically means the dashboard hasn't refreshed. Reload the page or navigate away and back to the Domains list.

Wildcard domain not adopting subdomains

Subdomains are adopted automatically only when the wildcard domain is first created. If you add subdomains after the wildcard, they are not automatically linked. Re-adding them will associate them with the wildcard parent.