Skip to main content

Activate domain locking


Use this endpoint to activate domain locking for a given domain. Domain locking prevents users in other CertCentral accounts from requesting certificates for the domain.


To use lock a domain, you must enable domain locking in your CertCentral account. See Domain locking – Enable domain locking for your account.

Finish protecting your domain

When you activate domain locking, the domain's lock status (domain_locking_status) becomes pending. To finish protecting your domain, you must:

  1. Place the account token on the DNS CAA resource record for the domain (see Domain locking – Locking a domain, step 6). To get the account token (account_token), use the Domain info API.

  2. Check the CAA record for the domain by submitting a request to the Check CAA (domain lock) endpoint.

  3. If the information on the CAA record is correct, the domain's lock status becomes enabled, and the domain is locked.

Example requests and responses

Path parameters






Domain ID.