How can I complete the domain control validation (DCV) for my SSL certificate?

Before a certificate can be issued, the certificate applicant needs to confirm the domain ownership rights. It is possible to select from the following three methods of domain control validation (DCV) during the certificate activation.

  1. Add CNAME record
  2. Upload a validation file
  3. Receive an email

 

Add CNAME record

This validation method implies adding a specific CNAME record in the DNS settings of your domain.

 

The values for CNAME record will be also available in your account after the order is submitted for activation to the CA, you'll find the instructions on the SSL Details page:

The values for the CNAME record will be provided once you click on Get Record.

Note: Some DNS systems(Aviumshost system as well) have such peculiarity that they add domain name automatically to the values submitted during record creation. Please make sure that your domain name is not duplicated in the values: if the domain is using Aviumshost Basic nameservers or PremiumDNS remove the "example.com" part of the provided Host value before adding it to the validation record for the domain. Copy the Host and Target values and paste them in the corresponding fields in the account with your DNS provider. Set the minimum possible TTL value.

Note: Please keep in mind that if you are activating a Multi-domain certificate, the DNS record should be placed for every domain/subdomain included in the certificate, replacing the domain name in the field 'Host' with the corresponding domain/subdomain. Other values remain the same. Once the correct values are set up, please click Save Changes/Retry Alt DCV in order to speed up the process of domain control validation.

However, if a single-domain certificate is activated for a subdomain, the DNS record needs to be set for the bare domain directly.

Upload a validation file

This method involves uploading of the activation file to the hosting server. The validation file is a TXT file with the name containing numbers and letters, e.g. AN2D4C5H7F01823KRIDHJ.txt.

Important note: When uploading the file, please do not change the file name or its content.

Right after the enrollment process you'll be directed to the SSL Details page in your Aviumshost account, where you'll find the instructions and the link to the Edit methods page with the file download option available.

The file should be placed into the '.well-known' folder and 'pki-validation' subfolder of the document root directory for the domain name.

As a result, the validation file should be accessible via the requested path for the validation: http://yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt, where ‘yourdomainname.com’ is the domain name in the certificate and ‘AN2D4C5H7F01823KRIDHJ.txt’ should be the exact name of the validation file downloaded from the Aviumshost account without changes.

You'll also be able to verify your validation file by clicking on the link in that yellow panel with DCV instructions at the top:

Note: If you have a Multi-Domain SSL with File-based method selected for several domains, the link won't show in the yellow panel, as it will differ for all of the domains. Thus, to verify each of the domains, you can just compose the corresponding links following the instructions in the notice and then check those in browser URL. In most cases, if a simple text line is shown on the screen, the validation file is accessible.

Once the file is uploaded and accessible externally via the following URL http://your_domain_name.com/.well-known/pki-validation/filename.txt, please click Save Changes/Retry Alt DCV. This will force DCV check on Certificate Authority side.

Note: If you are activating your certificate for a subdomain, you need to upload the text into the domain main directory; if the file is uploaded to the directory of the subdomain - it should get verified as well. So basically, the file should be accessible either via http(s)://example.com/.well-known/pki-validation/ or via http(s)://sub.example.com/.well-known/pki-validation/ If you are activating a Multi-domain certificate for subdomains, the validation file should be placed into the Document root directory of the each corresponding domain. We recommend having it uploaded for each subdomain as well.

Note: If you have activated the certificate with domain.com indicated as FQDN (Fully Qualified Domain Name) in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt . In this case, www.domain.com is considered to be under your control as well.

If your CSR code contains www.domain.com as FQDN, please make sure that the file is available via the link http://domain.com/.well-known/pki-validation/file.txt .

Content of the file shouldn't be changed in any way, as Comodo (now Sectigo) validation system is case sensitive.
 

Receive an email

This option is the most ordinary and well-known method to confirm the domain ownership. During the certificate activation, you will need to select the email address to which an approval email will be sent.

Due to regulations of CA/B forum, it is only possible to use either a domain Whois record or one of the following domain-related generic emails to receive an approval email:

  • admin@example.com
  • administrator@example.com
  • postmaster@example.com
  • webmaster@example.com
  • hostmaster@example.com
Note: The Whois email address usually looks something like 00222eeef898g6245jbkhdshml42@your_whois_privacy.service if the Whois privacy protection service is On.
 

After the enrollment process is completed on our site, you will receive an email from the Certificate Authority to the selected email address.

If the Whois record is not showing in the list of possible emails, it means that the Certificate Authority failed to retrieve the Whois record for your domain (This is a quite common case for domains with such TLDs as .ca, .br, .uk, .au, etc.) from your CSR code. In this case, if you want to validate the certificate using the email from Whois, you can choose any email from the list for activation. After the activation is completed, please submit a request via Sectigo ticketing system to switch the email for validation, mentioning your Sectigo Order Number. That number is specified as 'CA order ID' on the SSL Details page.

If you face any issues or delays with processing the request, please feel free to contact our support for the assistance.

Once the activation is completed, email will be sent to you. To confirm the domain ownership rights for your certificate, you need to copy the validation code from the approval email, follow the link in it and paste the validation code into the corresponding field.

Paste the code from the email and hit Next.

That's it!

If you do not receive approval email to your mailbox, you can always retry it by clicking Resend email on the Edit methods page. The link to the Edit methods page is available in the validation instructions panel placed on the SSL Details page.

If you have a Domain Validation certificate, it will be emailed to you shortly after the DCV is done.

Changing DCV methods

If you chose a particular DCV method, submitted the order, but suddenly changed your mind about the way of validation, you can change it in your account for the certificates that are awaiting validation. To find the option, go to "Product List" and click "Details" next to the pending certificate in question. On the next page, use the link in the yellow DCV instructions panel to go to the "Edit methods" page.

On the "Edit methods" page, you'll see the following button at the right:

Upon clicking it, you will see the window pop up with the DCV options available to choose in a drop-down menu.

Choose the desired method and click Save Changes / Retry Alt DCV.

Then perform the required steps to complete the DCV.

Note: To check the progress status, switch the validation method and take action to expedite your Certificate issue, use the convenient SSL Validation Tool.

Note: If you have an OV or an EV certificate, your order will undergo a business validation. After you complete the DCV, expect the email from Comodo (now Sectigo) with the further instructions.

  • 24 Users Found This Useful
Was this answer helpful?

Related Articles

How to Generate CSR (Certificate Signing Request) Code

What is a CSR? CSR code (Certificate Signing Request) is a specific code and an essential part...

How do I reissue my SSL certificate?

How do I reissue my SSL certificate? Before starting a reissue, you will need to generate a...