Skip to main content

Validate domains using website validation methods

Use website validation to demonstrate control over a domain or IP address by hosting a DigiCert-generated file at a predetermined location on your web server. DigiCert retrieves the file to confirm domain control.

Notice

Website validation methods support IPv4 and IPv6 address validation in addition to fully qualified domain names (FQDNs). HTTP Practical Demonstration is the only DCV method DigiCert supports for demonstrating control over IPv4 and IPv6 addresses.

DigiCert supports two website-based DCV methods:

  • Add and validate a domain using HTTP Practical Demonstration

  • Add and validate a domain using HTTP Practical Demonstration with unique filename

Before you begin

Before using website validation, confirm the following:

  • You have access and permission to add files to the web server for the domain or IP address being validated

  • Port 80 is open and publicly accessible on the web server

  • You can create the /.well-known/pki-validation/ directory on the server

Notice

Depending on your firewall configuration, you may need to allowlist specific DigiCert IP addresses for the HTTP Practical Demonstration validation process to succeed. Learn more about the IP addresses DigiCert uses for the HTTP Practical Demonstration check.

Limitations of website-based DCV methods

You cannot use HTTP Practical Demonstration DCV methods to:

  • Validate wildcard domains such as *.example.com

  • You have at least one organization in your CertCentral account. For OV, EV, Private TLS/SSL, and Secure Email certificates, the organization must be submitted for organization validation before you add the domain

  • Include subdomains in the validation process while validating a higher-level domain. For example, if you want to cover www.example.com, mail.example.com, and one.example.com while validating example.com, use another DCV method.

  • Validate entire domains and subdomains simultaneously

For wildcard domains or subdomain coverage, use a DNS-based or email-based DCV method instead.

Related topics

What's next

Add and validate a domain using HTTP Practical Demonstration to host a validation file on your web server

In diesem Abschnitt: