One of the most important elements of the SSL certificate process is validation. When you purchase a SSL certificate, the Certificate Authority (CA) that's issuing it will put your website or organization through a process called validation. The validation process depends on the type of SSL certificate you purchased and has a direct impact on the level of trust that certificate inspires.
Domain Validation SSL certificates are the most basic of the three types of SSL/TLS certificates. You only need to prove that you have ownership over the domain(s) that you’re requesting on the SSL certificate. The available options for proving domain ownership are listed below. Please be aware that the following methods are the only ways to prove domain ownership. If you are not able to perform any of the below operations, then you will not be able to receive your SSL certificate from the CA. Fortunately, these methods only take minutes to complete, are simple to do.
Options for Completing Domain Control Validation
1. Email Verification
To use this verification method, you will need to have access to any of the pre-approved email addresses listed below OR any email address listed on your domain’s public WHOIS directory. If you are unsure of what is listed on your domain’s WHOIS, contact your domain registrar for assistance.
ONLY the below email addresses OR any WHOIS email address can be used for email-based verification.
Email-based domain validation can often be the fastest and easiest method. However, due to the nature of the email, being sent from a “no-reply” address by an automated system, the DCV email is often blocked or improperly sorted. If you do not see the DCV email right away, please check the junk folder and spam filters. If you still can’t find it, we advise to whitelist the CA’s validation teams IP addresses and main email addresses on your mail server or firewall.
2. HTTP/HTTPS File Verification
To use this verification method you will need to create 2 new sub-folders on your public directory for every domain you are requesting and then place a unique file into the sub-folders. Access to your hosting control panel or your server will be required to make these changes.
The Authentication File should always be posted with these folders/directories:
(Note: you may need to enable “show hidden files/folders” to be sure the folder is not already created, since you can’t have 2 folders with the same name)
- For Windows servers the first folder must be named “.well-known.” as you may encounter an error naming the folder without the trailing dot at the end of the name.
3. DNS Verification
To use this method, you will need to create a CNAME record (Sectigo Products) or a TXT record (Digicert/Symantec/GeoTrust/Thawte/RapidSSL Products) within your DNS Manager and wait for it to propagate to the internet. This can take up to 24 hours to fully complete and is outside of our control. Access to your hosting control panel or your server will be required to make these changes.
Regardless of which type of record you will be creating, the new record will need to be publicly visible using an online DNS Lookup tool before your certificate can be issued. This way we know that the vendor’s system will be able to access the record and validate your SSL.