When issuing a new SSL certificate, using the DNS validation method, a typical CNAME record looks like this:
Name: _954b47e2034eb35cb5e92af85ed074e0.sub.domain.com.
Type: CNAME
Value: _333e1a50ddb2aee40a75495d4b502e43.stwyzjdjkd.acm-validations.aws.
Many of our customers cannot use an underscore in the "Name" section with their DNS system. This makes the whole validation process very frustrating.
We are aware that the underscore can be removed from the VALUE, but not from the NAME.
Why is the underscore needed?