Feb 20, 2024

Atlas Domain Management FAQs

Atlas Domain Management enables users to view and manage all domains associated with their Atlas identities and is a critical piece of Certificate Lifecycle Management. Through the Atlas portal, you can request validation for new domains, delete existing domains, or renew domains before they expire.

Your domains will be added to containers called 'identity profiles'. Certificates issued to those domains will include any relevant identity information in the linked profile.

Before you begin domain management

Before you can prove control of a domain, you first need to have a purchased service (or a trial service) on your Atlas account, as well as at least one validated identity. Your domains will be associated with your identity, and any Certificates issued for these domains will include any relevant information from the linked identity. For more information about our TLS service offerings, please reach out to our sales department.

When verifying a domain, you will receive an authorization token or an emailed verification link, depending on the verification method you choose. Tokens are valid for 30 days and can be reissued if you are unable to complete domain validation before the token expiration date.

How do I request a domain?

1. After you have purchased a Product Pack and have a verified identity, from the Dashboard, click Domains on the left menu.
2. Select the identity you wish to add the domain to. Only TLS-service identities can use Atlas Domain Management.
   Note: GlobalSign ACME Services cannot be used with Atlas Domain Management since ACME has its own embedded domain management functionality.
3. Click Add a Domain and enter the fully qualified domain name (FQDN) of the domain you wish to verify. Click Save and continue. This will result in a domain claim being created for your domain. A domain verification code (DVC) will be generated along with this claim and made available to you to complete domain verification. This code is good for 30 days and can be renewed when it expires.

How do I verify a domain?

Once you have submitted a domain claim, a domain verification code (DVC) will be generated for you to use to prove control of your domain. This code is good for 30 days and can be renewed when it expires.

1. After you submit a domain claim in the previous section, you can immediately click View and verify this domain, or click Domains on the left menu, select the identity profile associated with the domain, and then click Manage domains.
2. Select the domain you want to verify, and then click Verify this domain.
3. A modal window  will display with different domain validation methods: DNS TXT, HTTP, and Email. Select the one you want to use and follow the prompts to validate your domain with that method.
4. Once you have made the appropriate configurations, click Verify the domain. It may take several minutes for Atlas to show the domain status as "ACTIVE".

How do I delete a domain?

You can delete a domain when it is pending verification or active. 

1. Click Domains on the left menu, select the identity profile associated with your domain, and then click Manage domains.
2. Select the domain and then click Delete domain. 

How do I reset my domain verification code (DVC)?

A DVC is generated when you first submit a claim to prove control of a domain. The DVC is good for 30 days and can be reset if you do not complete domain verification before its expiration.

1. Click Domains on the left menu, select the identity profile associated with your domain, and then click Manage domains.
2. Select the domain and then click Reset DVC.
3. This new DVC will be used when you start the verification process.

What do the domain statuses mean?

When you first request to validate a domain, it will have a "PENDING" status. This means the domain is queued for verification. You have 30 days to complete the verification before the domain verification code (DVC) expires.

You’ll know your domain has expired when the domain’s expiration date has passed, as shown in the Manage domains screen for the applicable identity profile. You are encouraged to renew your domains before they expire so as to have uninterrupted coverage of your domains.

What happens when my domain expires?

As part of PKI agility, TLS domains are typically valid for 13 months. When a domain expires, you cannot issue Certificates for that domain and must revalidate the domain.
You’ll know your domain has expired when the domain’s expiration date has passed, as shown in the Manage domains screen for the applicable identity profile. You are encouraged to renew your domains before they expire so as to have uninterrupted coverage of your domains.

What to do if I receive the error message: "DNS domain validation error: "status": "ERROR","description": "read tcp (ip-address)->(ip-address): i/o timeout","timestamp": 1697487367,"method": "DNS"}"?

If you encounter a timeout or SERVFAIL results when performing a DNS verification, it might be due to a geographic block or IP restriction.
Please have your IT technician review your policies regarding the implementation of regional geographic or IP restrictions.
Note: SERVFAIL may also be a symptom of a DNSSEC validation chain error.