login
  1. Home
  2. Knowledgbase
  3. Validation Process for DV SSL Certificate

Validation Process for DV SSL Certificate

May 30, 2025

What Happens After You Purchased a DV SSL Certificate

After you've purchased DV SSL, follow the below steps to activate and implement HTTPS on your website or device.
  1. Enroll the SSL in your HTTPS.IN account.
  2. Complete DCV (Domain Control Validation)
  3. Install the SSL on your Webserver.
In this knowledge base, we will discuss various domain control validation (choose anyone) & company verification process for DV SSL certificate to get issued.

Domain Control Validation (DCV) Methods 

  1. DNS TXT Record
TXT Record for Validating and Revalidating DigiCert/Thawte/GeoTrust/RapidSSL certificates: 
  1. Log in to your domain's hosting Control Panel 
  2. Select DNS Zone Manager 
  3. Create a new TXT Record with the unique value from your Certificate Enrolment Page 
  4. Set TTL to 3600 or set to default and save. 
  5. Wait for the record to propagate. 

TXT Record for Validating and Revalidating Sectigo Certificates:
  1. Navigate to Domains.
  2. Select the domain to be validated and click Validate.
  3. Select the DNS TXT DCV method.
  4. Click Start.
  5. Add the TXT record to your domain’s DNS settings.
    1. Sign into your domain registrar’s website or your DNS provider.
      Note: Your domain registrar’s website is where you purchased your domain.
    2. Locate the option to add a new DNS record, and select TXT as the record type.
    3. In the Label/Host field, enter the TXT Host/Label value provided.
    4. In the Destination/Target field, enter the TXT Target/Destination value provided.
    5. Save the changes.
  6. Click Submit.
  7. (Optional) Click Check Now to check the status of the DNS TXT record.
  8. Click Close.

  1. DNS CNAME Record
To complete domain verification using DNS, you'll need to add a CNAME or TXT record depending on your SSL vendor (Sectigo or DigiCert Family). Before your certificate can be issued, the new record needs to be viewable by the public using an online DNS lookup tool. It may take 24-48 hours for your record to propagate, which is outside our control.

CNAME Record for Sectigo (formerly Comodo) certificates: 
  1. Log in to your domain's hosting Control Panel 
  2. Select DNS Zone Manager. 
  3. Create a new CNAME Record with the unique values from your certificate enrolment page.
  4. Set TTL to 3600 or set to default and save. 
  5. Wait for the record to propagate.


If this method does not work, you can opt for an alternative verification method by selecting "Change Approver Method" on your Certificate Enrolment page.

CNAME Record for DigiCert certificates: 

Option 1: Create the DNS CNAME record with the static prefix _dnsauth
    1. Go to your DNS provider’s site and create a new CNAME record.
    2. In the hostname field (or equivalent), enter _dnsauth.
    3. In the record type field (or equivalent), select CNAME.
    4. In the target host field (or equivalent), enter [random_value]. dcv.digicert.com to point the CNAME record to dcv.digicert.com.
    5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.
    6. Save the record.
Option 2: Create the DNS CNAME record
  1. Go to your DNS provider’s site and create a new CNAME record.
  2. In the hostname field (or equivalent), enter the random value that you copied from your CertCentral account.
  3. In the record type field (or equivalent), select CNAME.
  4. In the target host field (or equivalent), enter dcv.digicert.com to point the CNAME record to dcv.digicert.com.
  5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.
  6. Save the record.

How to Check if Your Record is Ready!

  1. Check if your CNAME record is validated using a DNS lookup tool like https://www.whatsmydns.net/. Enter the value from your Host Name field and select CNAME. If the "Points To" value is displayed with green check marks, your CNAME record is propagated, and your SSL should be issued soon.



  2. To check if your TXT record has propagated, use a DNS record lookup tool such as https://www.whatsmydns.net. Input your domain and select TXT from the drop-down menu, then hit “Search”. If you can see your TXT record’s unique value with green check marks, your TXT record is propagated, and your SSL should be issued soon.



  1. HTTP/HTTPS File Verification
If you don’t have access to the DNS server to create the DNS record to complete the domain validation process you can choose HTTP record creation or .txt file upload to your website to complete the domain validation process.

Please note for wildcard certificates you must complete the domain validation process by creating DNS record or via Email validation, HTTP record or .txt file upload to your website is not available for the same.

Also, When requesting an SSL certificate for an IP address, DigiCert will only use file-based authentication for domain validation.

To use the file-based method for SSL certificate validation, you need to place the unique verification file at a specific URL. Follow the steps below:
  1. Create a folder titled ".well-known" in your server's public or home directory.
  2. Generate a new folder called "pki-validation" under the "well-known" directory.
  3. place the distinct text file that you downloaded from your Certificate Enrolment page into the folder named "pki-validation". This ensures that the file is properly validated.

Example:
domain.com/.well-known/pki-validation/[a unique file name].txt


If this method does not work, you can opt for an alternative verification method by selecting "Change Approver Method" on your Certificate Enrolment page.


Sections

Quick Links

SSL Brands

Https Links

Have any Questions

Call HTTPS

If you have any questions, feel free to call us

Call: +91-22-42978097

sales@https.in