
Domain Approval Methods | SSL/TLS

Solution ID : SO060619153011
Last Modified : 01/09/2025

Use case

Before DigiCert can issue your certificate, you must demonstrate your control over the domains on your order. We refer to this process as the Domain Control Validation (DCV) process.

End of life for the WHOIS-based Email DCV method

The industry is moving away from using WHOIS to identify domain contacts. DigiCert recommends that those using the WHOIS-based Email DCV method update their domain validation processes to use one of the other supported DCV methods as soon as possible.

  • If you still want to use the Email DCV method, use the Email to DNS TXT contact or the Constructed email method.
  • To learn more about the end of life for WHOIS-based email, see our knowledge base article, End of Life for WHOIS based email DCV method.

 


Solution

Acceptable DCV Methods:

DCV Method

Domain validation process

DNS TXT record (DNS Change)

Use this method if you can modify the domain's DNS Record to include a TXT record:

  1. Go to your DNS provider and create a TXT record.
  2. Add a DigiCert-provided random value to the domain's TXT record.
  3. DigiCert searches for a DNS TXT record associated with the domain that includes the DigiCert-provided random value to verify your control over the domain.

Email to DNS TXT contact

Use this method if you can modify the domain's DNS Record to include an email address:

  1. Place the DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate.
  2. The RDATA value of this TXT record must be a valid email address.
  3. DigiCert sends an authorization email to the email address listed in the DNS TXT record.
  4. An email recipient follows the instructions in a confirmation email to demonstrate your control over the domain.

Email to Constructed email address

Use this method if you created pre-approved email aliases for the pending domain:

  • admin@{domain_name}
  • administrator@{domain_name}
  • hostmaster@{domain_name}
  • postmaster@{domain_name}
  • webmaster@{domain_name}

DigiCert sends an authorization email to the pre-approved email aliases for the domain.

An email recipient follows the instructions in a confirmation email to demonstrate your control over the domain.

Note: Before DigiCert can successfully send an authorization email to the domain owner (or domain controller), we must verify that an MX record (a resource record in the Domain Name System [DNS]) exists in the DNS records of the recipient's domain name. The presence of valid MX records enables us to send the authorization email.

DNS CNAME record

Use this method if you can modify the DNS Record to include a CNAME record:

  1. Go to your DNS provider and create a CNAME record.
  2. In the hostname field, enter _dnsauth. Then, add [random_value].dcv.digicert.com in the target host field to point the CNAME record to dcv.digicert.com.

DigiCert searches for a DNS CNAME record associated with the domain that includes the DigiCert-generated random value to verify your control over the domain.
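A pre-flight check for the DNS TXT, Email to DNS TXT contact, Constructed email and DNS CNAME methods above, added here as an example (it is not DigiCert's code or tooling). It evaluates a constructed zone snapshot offline and also lists which mailboxes would receive an authorization email; the function name, report keys, record layout and sample values are assumptions.

```python
import re

# The five constructed aliases listed on this page.
ALIASES = ("admin", "administrator", "hostmaster", "postmaster", "webmaster")
# Assumption: a deliberately simple syntax check, not a full RFC 5322 parser.
EMAIL_RE = re.compile(r"^[^@\s]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$")


def dcv_preflight(domain, random_value, records):
    """Check a zone snapshot {(name, rtype): [rdata, ...]} against each DCV method."""
    def get(name, rtype):
        # Normalise zone-file style rdata: drop TXT quotes and the trailing dot.
        return [r.strip('"').rstrip(".") for r in records.get((name.lower(), rtype), [])]

    def has_mx(name):
        return bool(get(name, "MX"))

    report = {}
    # DNS TXT record: a TXT record on the domain must include the random value.
    report["dns_txt"] = any(random_value in t for t in get(domain, "TXT"))
    # DNS CNAME record: _dnsauth must point at [random_value].dcv.digicert.com.
    want = f"{random_value}.dcv.digicert.com".lower()
    report["dns_cname"] = [t.lower() for t in get(f"_dnsauth.{domain}", "CNAME")] == [want]
    # Email to DNS TXT contact: RDATA must be a valid address; anything else is flagged.
    valid, invalid = [], []
    for rdata in get(f"_validation-contactemail.{domain}", "TXT"):
        (valid if EMAIL_RE.match(rdata) else invalid).append(rdata)
    report["contact_invalid"] = invalid
    # Assumption: the MX note is applied to every emailed recipient's domain.
    report["contact_recipients"] = [a for a in valid if has_mx(a.split("@")[1])]
    report["contact_no_mx"] = [a for a in valid if not has_mx(a.split("@")[1])]
    # Constructed email: the five aliases are reachable only if the domain has an MX.
    report["constructed_recipients"] = (
        [f"{a}@{domain}" for a in ALIASES] if has_mx(domain) else [])
    return report


# Constructed sample snapshot (not real records); the random value is a placeholder.
SAMPLE = {
    ("example.com", "TXT"): ['"v=spf1 -all"', '"constructed-random-123"'],
    ("example.com", "MX"): ["10 mail.example.com."],
    ("example.net", "MX"): ["10 mx.example.net."],
    ("_dnsauth.example.com", "CNAME"): ["constructed-random-123.dcv.digicert.com."],
    ("_validation-contactemail.example.com", "TXT"): ['"pki@example.net"', '"not-an-email"'],
}

if __name__ == "__main__":
    for key, value in dcv_preflight("example.com", "constructed-random-123", SAMPLE).items():
        print(f"{key}: {value}")
```

Every address in `contact_recipients` and `constructed_recipients` is a mailbox that can approve issuance for the domain, so the report doubles as a list of accounts to review.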

HTTP Practical Demonstration

You can only use the HTTP Practical Demonstration DCV methods to demonstrate control over fully qualified domain names (FQDNs) exactly as named. To learn more, visit Domain Validation Policy Changes.

  • HTTP Practical Demonstration

    Use this method if you can host a file containing a DigiCert-generated random value at a predetermined location on your website: http://{domain-name}/.well-known/pki-validation/fileauth.txt.
    DigiCert visits the specified URL to confirm the presence of our random value and verify your control over the domain.

  • HTTP Practical Demonstration with unique filename

    Use this method if you need to host a file with a DigiCert-generated filename that contains a DigiCert-generated random value at a predetermined location on your website: http://{domain-name}/.well-known/pki-validation/{unique-filename}.txt.
    DigiCert visits the specified URL to confirm the presence of our random value and verify your control over the domain.

Email to WHOIS

DigiCert sends an authorization email to the registered owners of the public domain as shown in the domain's WHOIS Registrant, Administrative, or Technical contact information.

An email recipient follows the instructions in a confirmation email to demonstrate your control over the domain.