How can I complete the domain control validation (DCV) for my SSL certificate?
Before a certificate can be issued, the certificate applicant needs to confirm the domain ownership rights. With the implementation of the new Account Panel, you have an opportunity to select several methods of domain control validation (DCV) during the certificate activation.
There are three DCV methods:
Email validation. The most ordinary and well-known option to confirm the domain ownership. During the certificate activation, you will need to select the email address to which an approval email will be sent. Due to regulations of Certificate Authorities, it is only possible to use either a domain whois record or one of the following domain-related generic emails to receive an approver email: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org or email@example.com . After the enrollment process is completed on our site, you will receive an email from the Certificate Authority to the selected email address.
If the whois record is not showing in the list of possible emails, it means that the Certificate Authority failed to retrieve the whois record for your domain (This is a quite common case for domains with such TLDs as .ca, .br, .uk, .au, etc.) from your CSR code. In this case, if you want to validate the certificate using the email from whois, you can choose any email from the list for activation. After the activation is completed, please contact our support team with a request to resend the approver email to an address from whois.
Once the activation is completed, email will be sent to you. To confirm the domain ownership rights for your certificate, you need to copy the validation code from the approval email, follow the link in it and paste the validation code into the corresponding field.
Paste the code from the email and hit Next.
That's it! The certificate will be emailed to you in a few minutes after the DCV is completed.
If you do not receive approval email to your mailbox, you can always retrieve it by clicking Resend Email.
HTTP-based validation. It involves uploading of the activation file to the following directory of your site: /.well-known/pki-validation/.
The text file can be retrieved after the enrollment process is completed. Right after the order submission, you will be brought to the certificate management page.
Once the file is uploaded and accessible externally via the following URL http://your_domain_name.com/.well-known/pki-validation/filename.txt, please click Save Changes/Retry Alt DCV. This will force DCV check on Certificate Authority side.
Note: If you are activating your certificate for a subdomain, you need to upload the text into the domain main directory; if the file is uploaded to the directory of the subdomain - it should get verified as well. So basically, the file should be accessible either via http(s)://example.com/.well-known/pki-validation/ or via http(s)://sub.example.com/.well-known/pki-validation/
If you are activating a Multi-domain certificate for subdomains, the validation file should be placed into the Document root directory of the each corresponding domain. We recommend having it uploaded for each subdomain as well.
Note: If you have activated the certificate with domain.com indicated as FQDN in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt . In this case, www.domain.com is considered to be under your control as well.If your CSR code contains www.domain.com as FQDN, please make sure that the file is available via the link http://domain.com/.well-known/pki-validation/file.txt .
Content of the file shouldn't be changed in any way, as Comodo (now Sectigo) validation system is case sensitive.
DNS-based validation. For this validation method you need to create a certain CNAME record in the DNS settings of your domain.
The values for CNAME record will be also available in your account after the order is submitted for activation to the CA.
The values for the CNAME record will be provided to you.
NOTE! Some DNS systems(Namecheap system as well) have such peculiarity that they add domain name automatically to the values submitted during record creation. Please make sure that your domain name is not duplicated in the values: if the domain is using Namecheap Basic nameservers or PremiumDNS remove the "example.com" part of the provided Host value before adding it to the validation record for the domain. Copy the Host and Target values and paste them in the corresponding fields in the account with your DNS provider. Set the minimum possible TTL value.
NOTE! Please keep in mind that if you are activating a Multi-domain certificate, the DNS record should be placed for every domain/subdomain included in the certificate, replacing the domain name in the field 'Host' with the corresponding domain/subdomain. Other values remain the same.
Once the correct values are set up, please click Save Changes/Retry Alt DCV in order to speed up the process of domain control validation.
However, if a single-domain certificate is activated for a subdomain, the DNS record needs to be set for the bare domain directly.
Changing DCV methods
If you chose a particular DCV method, submitted the order, but suddenly changed your mind about the way of validation, you can change it in your account for the certificates that are awaiting validation. The option can be found at the certificate management page for a needed SSL. Please click this button if you wish to change your DCV method.
You will be switched to the next page where you will be able to change DCV method to the preferable one.
Choose the desired method and perform the required steps to complete the DCV.
Note! If you have an OV or an EV certificate, your order will undergo a business validation. After you complete the DCV, expect the email from Comodo (now Sectigo) with the further instructions.