Expand Up @@ -25,13 +25,11 @@ If you encounter issues with HTTP DCV, refer to the [troubleshooting guide](/ssl

## Limitations

HTTP DCV is only available for [proxied domains](/dns/manage-dns-records/reference/proxied-dns-records/).
HTTP DCV is only available for [proxied domains](/dns/manage-dns-records/reference/proxied-dns-records/). It is possible to manually add the DCV token to the `.well-known/pki-validation/` directory on your origin web server to pre-validate your certificates.

HTTP DCV validation also does not work for wildcard certificates.
HTTP DCV validation does not work for wildcard certificates. If you want to use wildcard certificates, use [TXT validation](/ssl/edge-certificates/changing-dcv-method/methods/txt/).

If you want to use wildcard certificates or pre-validate your certificate — either to avoid downtime or prevent any issuance errors — use [TXT validation](/ssl/edge-certificates/changing-dcv-method/methods/txt/).

Based on your chosen Certificate Authority, you may also not be able to use HTTP verification with [advanced certificates](/ssl/edge-certificates/advanced-certificate-manager/).
Based on your chosen certificate authority (CA), you may also not be able to use HTTP verification with [advanced certificates](/ssl/edge-certificates/advanced-certificate-manager/).

## Setup

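Review bot: the sentence added to the first changed line ("It is possible to manually add the DCV token to the `.well-known/pki-validation/` directory on your origin web server to pre-validate your certificates") loses the reason for pre-validating that the deleted paragraph gave ("either to avoid downtime or prevent any issuance errors"), and it does not say where the reader gets the token and filename, which the `cname-cert-verification.mdx` partial in this same PR describes as randomly generated by the CA and not known ahead of time. Suggest keeping the motivation and adding a pointer to where the token value and filename are surfaced, e.g. "... to pre-validate your certificates and avoid downtime or issuance errors. The token and filename are provided by the CA (see ...)". The sentence also sits directly after "HTTP DCV is only available for proxied domains", which reads as a contradiction unless the reader already knows the origin-hosted file is fetched through the proxy; a short bridging clause would help. The lowercase "certificate authority (CA)" change on the last pair of lines is consistent with the other files.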
Expand All @@ -47,7 +45,7 @@ To make sure your domain does not accidentally block HTTP DCV, review your Cloud

### Complete DCV

Your HTTP token will be available for the Certificate Authority as soon as you finish your [partial domain setup](/dns/zone-setups/partial-setup/setup/#3-add-dns-records).
Your HTTP token will be available for the certificate authority as soon as you finish your [partial domain setup](/dns/zone-setups/partial-setup/setup/#3-add-dns-records).

This means that you need to add a CNAME record to Cloudflare in your authoritative DNS and create [proxied DNS records](/dns/manage-dns-records/reference/proxied-dns-records/) for your hostname within Cloudflare.

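Review bot: casing-only change ("Certificate Authority" to "certificate authority"), consistent with the rest of the PR; no functional or wording concern with this hunk.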
2 changes: 1 addition & 1 deletion src/content/partials/ssl/cname-cert-verification.mdx
Expand Up @@ -3,6 +3,6 @@

---

Cloudflare contacts one of our Certificate Authority providers and asks them to issue certificates for the specified hostname. The CA will then inform Cloudflare that we need to “demonstrate control” of this hostname by returning a `$DCV_TOKEN` at a specified `$DCV_FILENAME`; both the token and the filename are randomly generated by the CA and not known to Cloudflare ahead of time.
Cloudflare contacts one of our certificate authority (CA) providers and asks them to issue certificates for the specified hostname. The CA will then inform Cloudflare that we need to “demonstrate control” of this hostname by returning a `$DCV_TOKEN` at a specified `$DCV_FILENAME`; both the token and the filename are randomly generated by the CA and not known to Cloudflare ahead of time.

For example, if you create a new custom hostname for `site.example.com`, the CA might ask us to return the value `ca3-38734555d85e4421beb4a3e6d1645fe6` for a request to `http://site.example.com/.well-known/pki-validation/ca3-39f423f095be4983922ca0365308612d.txt"`. As soon as we receive that value from the CA we make it accessible at our edge and ask the CA to confirm it’s there so that they can complete validation and the certificate order.
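Review bot: introducing the "(CA)" expansion on the changed line is the right place for it, since the next sentence already uses "CA" unexpanded. While this file is open, the example URL on the last context line carries a stray `"` inside the backticks (`...ca3-39f423f095be4983922ca0365308612d.txt"`), which renders as part of the path; suggest dropping the quote so the code span ends at `.txt`.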
Expand Up @@ -5,7 +5,7 @@

For wildcard hostname certificates, certificate issuance and renewal varies based on the type of certificate you are using:

* **Universal**: Perform DCV using one of the available [methods](/ssl/edge-certificates/changing-dcv-method/methods/).
* **Universal**: Perform DCV using [TXT validation method](/ssl/edge-certificates/changing-dcv-method/methods/txt/).
* **Advanced**: In most cases, you can opt for [Delegated DCV](/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv/), which greatly simplifies certificate management.

If you cannot use Delegated DCV, you need to use [TXT based DCV](/ssl/edge-certificates/changing-dcv-method/methods/txt/) for certificate issuance and renewal. This means you will need to place one TXT DCV token for every hostname on the certificate. If one or more of the hostnames on the certificate fails to validate, the certificate will not be issued or renewed.
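Review bot: the changed bullet "Perform DCV using [TXT validation method](...)" is missing an article; suggest "Perform DCV using the [TXT validation method](...)". Narrowing Universal certificates from "one of the available methods" to TXT only is consistent with the HTTP DCV limitation added earlier in this PR ("HTTP DCV validation does not work for wildcard certificates"), so the two files now agree. In the unchanged context below, "TXT based DCV" should be hyphenated as "TXT-based DCV" for consistency with "TXT validation method" on the changed line.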