Before an SSL certificate can be issued, the certificate applicant needs to confirm their domain ownership rights. This is called domain control validation (DCV). When you are activating your certificate, you will be presented with three methods of DCV to choose from:
If you need to switch your chosen DCV method, check the following guide:
Add CNAME record
This validation method involves adding a CNAME record to the DNS settings of your domain.
After you complete SSL activation, you’ll find instructions on completing this DCV method, as well as the values you will need for the CNAME record in the SSL Details page of your account:
Click on Get Record to see the CNAME record values.
Note: Some DNS systems (including the Namecheap system) have the tendency to automatically add the domain name to the values submitted during record creation. Please make sure that your domain name is not duplicated in the values. If your domain is using Namecheap Basic nameservers or PremiumDNS, remove the "example.com" part of the provided Host value before adding it to the validation record for the domain. Copy the Host and Target values and paste them into the corresponding fields in your DNS provider account. Set the minimum possible TTL value.
Note: Please keep in mind that if you are activating a Multi-domain certificate, the DNS record created for the bare domain (without www.) will verify this domain and its subdomain(s) included in the certificate. Nevertheless, to get the certificate issued, all domains/subdomains included in the certificate should be verified.
Once the correct values are set up, head to the SSL details page again, click the link beside "Get a CNAME record".
On the new page, click the 'EDIT METHODS' button.
In the pop-up window, please click Save Changes/Retry Alt DCV to speed up the process of domain control validation.
However, if you are activating a single-domain certificate for a subdomain, you’ll need to set the DNS record for the bare domain directly.
Upload a validation file
This DCV method involves uploading an activation file to your website’s hosting server.
The validation file is a TXT file with a name featuring a combination of numbers and letters, e.g., AN2D4C5H7F01823KRIDHJ.txt.
Important note: When uploading the file, please do not change the file name or its content.
When you’ve completed the activation process, you'll be directed to the SSL Details page in your Namecheap account, where you'll find instructions and a link to the Edit methods page where you can download the validation file.
You’ll need to place the file in the document root directory of your domain name in the subfolder of the '.well-known' folder called 'pki-validation'.
Once you place it here, the validation file should be accessible via the following link: http://yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt, where ‘yourdomainname.com’ is the domain name in the certificate, and ‘AN2D4C5H7F01823KRIDHJ.txt’ should be the exact name of the validation file you downloaded from your Namecheap account without any changes.
If you have a Single-domain SSL, the file needs to be accessible both via http://yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt and http://www.yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt.
These requirements also apply to SSLs activated for subdomains. You should make the file accessible both via http://sub.yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt and http://www.sub.yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt
If you activate your SSL for yourdomainname.com and the file is accessible via yourdomainname.com but not accessible via www.yourdomainname.com, then the SSL will secure only yourdomainname.com. At the same time, if your SSL was activated for www.yourdomainname.com and the file can be accessed via the www subdomain but cannot be accessed via the bare domain (yourdomainname.com), then the SSL will only be issued for www.yourdomainname.com.
For Multi-domain SSLs, the validation file needs to be accessible for each hostname you specified during the SSL activation process.
For example, if you activated your Multi-domain SSL for yourdomain.com, www.yourdomain.com and domain_2.net, the validation file should be accessible for all of these hostnames.
If your Wildcard SSL is pending validation using the "Upload a validation file" method, you should complete it before November 15
. If your Wildcard SSL is not validated until then, you will need to change the DCV method
to "Receive an email" or "Add a CNAME record".
Once your file is uploaded, you can verify it by clicking on the links in the yellow panel with DCV instructions at the top of the SSL details page:
Note: If you have a Multi-Domain SSL and choose this method of DCV for several domains, no link will appear in the yellow panel as each domain will have a different link. To verify each of the domains, you will need to compose the corresponding links by following the instructions in the yellow box and checking each URL in your browser. In most cases, if a simple text line like the one below is shown on the screen, the validation file is accessible.
Once the file is uploaded and accessible externally via the following URL http://your_domain_name.com/.well-known/pki-validation/filename.txt, please click Save Changes/Retry Alt DCV. This will force the Certificate Authority to perform the DCV check.
Note: If you are activating your certificate for a subdomain, you can either upload the text to the domain’s main directory or the subdomain’s directory. So the file should be accessible either via http(s)://example.com/.well-known/pki-validation/ or via http(s)://sub.example.com/.well-known/pki-validation/ If you are activating a Multi-domain certificate
for subdomains, the validation file should be placed into the Document root directory of each corresponding domain. We recommend having it uploaded for each subdomain as well.
Note: If you have activated the certificate with domain.com indicated as the FQDN (Fully Qualified Domain Name) in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt . In this case, www.domain.com is considered to be under your control as well.
If your CSR code contains www.domain.com as the FQDN, please make sure that the file is available via the link http://domain.com/.well-known/pki-validation/file.txt . The file’s contents shouldn't be changed in any way, as Comodo’s (now Sectigo) validation system is case sensitive.
Receive an email
This option requires you to have a domain-related email address from the suggested list. The exact email address which will be used for the DCV purpose is selected during the SSL activation process.
Due to CA/B forum regulations, you can only use a domain Whois record contact email or one of the following domain-related generic emails to receive an approval email:
Note: The Whois email address usually looks something like 00222eeef898g6245jbkhdshml42@your_whois_privacy.service if the Whois privacy protection service is On.
After you have completed the SSL activation process, the Certificate Authority will send an email to the email address you selected.
If the Whois record email does not appear in the list of possible emails you can choose during activation, it means that the Certificate Authority failed to retrieve the Whois record for your domain from your CSR code. This is quite common for domains with such TLDs as .ca, .br, .uk, .au, etc. In this case, if you want to validate the certificate
using the email from Whois, you can choose any email from the list for activation. After you complete activation, please submit a request
to Sectigo’s ticketing system to switch the validation email, mentioning your Sectigo Order Number. That number is specified as 'CA order ID' on the SSL Details
Once the activation is complete, an email will be sent to you. To confirm the domain ownership rights for your certificate, you need to copy the validation code from the approval email, follow the link, and then paste the validation code into the corresponding field on the new page and click Next.
Paste the code from the email and hit Next.
If you do not receive the approval email, you can always retry it by clicking Resend email on the Edit methods page. The link to the Edit methods page is available in the validation instructions panel placed on the SSL Details page.
Changing DCV methods
If you chose a particular DCV method during activation but want to switch to a different one later, you can change it on your account page. Navigate to your Namecheap account Dashboard, open the SSL Certificates page and locate the SSL certificate in question and click Details next to it.
On the next page, click the link in the yellow table with DCV instructions to go to the Edit methods page.
On the Edit methods page, you'll see the following button:
When you click it, you will be presented with the three possible DCV options in a drop-down menu.
Choose the desired method and click Save Changes / Retry Alt DCV.
Then perform the required steps to complete the DCV.
Note: You can also use this SSL Validation Tool to check your SSL’s status, switch validation method, and speed up SSL certificate issuance.
Note: If you have a Domain Validation certificate, it will be emailed to you shortly after DCV is complete.
If you have an OV or an EV certificate, your order will need to undergo business validation. After you complete the DCV, you will receive an email from Comodo (now Sectigo) with further instructions.