Configuring DNS-Based Sectigo Validation via M-Pesa Gateways in Kenya

June 25, 2026

The Local Security Landscape in Nairobi

Establishing secure websites in East Africa has traditionally been hindered by payment friction and complex validation procedures. Kenyan startups and network operations centers (NOCs) need billing flows that do not rely entirely on international credit cards.

By combining Paystack-integrated M-Pesa gateways with Sectigo DNS validation, Shika Cloud Technologies aims to streamline SSL ordering and validation.

DNS vs. Email Validation

Sectigo offers two main validation loops for Domain Validation (DV) SSL certificates:

  1. Email Loop: The Certificate Authority (CA) mails a validation link to specific aliases (like admin@, webmaster@, or hostmaster@).
  2. DNS Validation: The CA checks for a specific TXT or CNAME record containing a unique cryptographic token inside the domain's DNS zone.

DNS validation is superior for automation because it does not require human email access.

The Dual-Validation SSL Handler Flow

When an SSL order is paid via M-Pesa on Shika Cloud:

  1. The systems engine queries the domain's live nameservers.
  2. If Nameservers Point to Contabo Infrastructure: The validation payload is set to 'DNS', the order is created, and the returned validation token is written to the local DNS zone file. The CA can then verify it after propagation completes.
  3. If Nameservers Point Externally: The system halts, transitions the order status to Awaiting_Validation_Selection, and prompts the user inside their Filament Workspace panel to select a verified admin email alias (such as admin@domain.com) to initiate the mail loop.
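
The branch in steps 2 and 3, sketched in Python as an added example (not Shika Cloud's own code). Assumptions: the managed suffix `contabo.net`, the status name `Awaiting_DNS_Propagation`, and the rule that every nameserver must be managed before DNS validation is chosen are all hypothetical; the nameserver list is passed in rather than queried live.

```python
from dataclasses import dataclass

# Assumption: suffix that identifies the managed (Contabo-hosted) nameservers.
MANAGED_NS_SUFFIXES = ("contabo.net",)
# Aliases the article names for the email loop.
ALLOWED_ALIASES = ("admin", "webmaster", "hostmaster")

@dataclass
class Decision:
    method: str                 # "DNS" or "EMAIL"
    status: str                 # order status after the decision
    email_choices: tuple = ()   # aliases offered to the user for the mail loop

def _norm(host):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return host.strip().rstrip(".").lower()

def is_managed(nameserver):
    # Match on a label boundary so "ns1.notcontabo.net" or
    # "contabo.net.example.org" cannot pass as managed infrastructure.
    ns = _norm(nameserver)
    return any(ns == s or ns.endswith("." + s) for s in MANAGED_NS_SUFFIXES)

def choose_validation(domain, nameservers):
    ns = [_norm(n) for n in nameservers if _norm(n)]
    # Assumption: DNS validation only when *all* nameservers are managed.
    # With a mixed or empty delegation the token written to the local zone
    # may never be served, so the order falls back to the email loop.
    if ns and all(is_managed(n) for n in ns):
        return Decision("DNS", "Awaiting_DNS_Propagation")  # hypothetical status
    choices = tuple(f"{alias}@{_norm(domain)}" for alias in ALLOWED_ALIASES)
    return Decision("EMAIL", "Awaiting_Validation_Selection", choices)

def accept_alias(decision, chosen):
    # Server-side check: only an address that was actually offered is accepted,
    # whatever the panel form submits.
    return decision.method == "EMAIL" and chosen.strip().lower() in decision.email_choices

if __name__ == "__main__":
    # Constructed sample delegations.
    print(choose_validation("example.co.ke", ["NS1.Contabo.net.", "ns2.contabo.net"]))
    print(choose_validation("example.co.ke", ["ns1.contabo.net", "ns.example.org"]))
```
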