
Add and validate a domain using HTTP Practical Demonstration with unique filename

Add a domain to CertCentral and demonstrate control over it by hosting a file with a DigiCert-generated unique filename at a predetermined location on your web server.

Notice

Use this method when you use 302 redirects to point addresses to a central authentication server that hosts all HTTP validation files with unique filenames. DV certificates do not support this method.

Before you begin

  • At least one organization must exist in your CertCentral account before adding a domain. See Add an organization to CertCentral.

  • To use the domain in OV, EV, or Private TLS certificates, submit the organization for organization validation before adding the domain.

  • You must have access and permission to add files to the web server for the domain being validated.

  • Port 80 must be open and publicly accessible.

  • DV certificates do not support this method. For DV certificate domain validation, use HTTP Practical Demonstration or a DNS-based method.

Step I: Add the domain and select HTTP Practical Demonstration as the DCV method

  1. In the CertCentral main menu,

    • For Enterprise, Partner, or Legacy accounts: go to Certificates > Domains.

    • For Subscription accounts: go to Validation > Domains.

  2. On the Domains page, select New Domain.

  3. On the New Domain page, under Domain Details, enter the following:

    • Domain Name: Enter the domain you want to validate.

    • Organization: Select the organization to assign the domain to.

  4. Under Domain control validation (DCV) method, select HTTP Practical Demonstration with unique filename.

  5. Select Submit for validation.

Step II: Create the validation file and place it on your web server

  1. On the domain details page, in the Domain control validation (DCV) method section, under User actions, copy the value from the Your unique verification token box. The verification token expires after 30 days. To generate a new token, select Generate New Token.

    Notice

    If DigiCert generates two or more unique random values for the same domain, do not be concerned. All values are valid. Use any one of them to complete validation.

  2. Open a text editor such as Notepad and add the verification token as the only content in the file. Do not add extra characters, labels, or line breaks.

  3. Save the file using the exact DigiCert-generated filename. For example: ES3e9203kd0238K3.txt.

    Do not modify the filename.

  4. Place the file on your web server under /.well-known/pki-validation/. If the /.well-known/pki-validation/ directory does not exist, create it first:

    For Windows-based servers, use the command line (mkdir .well-known) or set up a virtual directory in IIS.

  5. Confirm the file is publicly accessible at:

    http://[your-domain]/.well-known/pki-validation/ES3e9203kd0238K3.txt

Step III: Complete domain validation in CertCentral

  1. In the CertCentral main menu,

    • For Enterprise, Partner, or Legacy accounts: go to Certificates > Domains.

    • For Subscription accounts: go to Validation > Domains.

  2. On the Domains page, in the Domain name column, select the domain link.

  3. On the domain details page, in the Domain control validation (DCV) method section under User actions, select Check HTTP Token.

You can run the validation check manually or wait for DigiCert's automatic DCV check, also called DCV polling, to validate the domain automatically.

Notice

You may delete the validation file after you have verified your domain control.

Notice

Validation applies only to the fully qualified domain name as requested. Validating example.com does not validate www.example.com. Validate each domain and subdomain separately.

Common configuration issues

  • The unique filename is modified. The filename must be used exactly as provided by DigiCert.

  • The file is not accessible over HTTP. Confirm port 80 is open and the file path is correct.

  • Redirects prevent DigiCert from retrieving the file. Redirects must use supported HTTP status codes (301, 302, or 307) and begin with the domain being validated.

  • DNS resolves to a different server than expected. Confirm the domain resolves to the server hosting the validation file.

  • The verification token has expired. Select Generate New Token and repeat from Step II, Step 1.
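A pre-flight check for Step II and the issues listed above, as an added example (not DigiCert code, and not a reproduction of DigiCert's own checker). It compares the served bytes with the token and inspects the redirect chain. Assumptions: the final response is expected to be 200, and the function names are illustrative.

```python
import http.client
from urllib.parse import urljoin, urlsplit

WELL_KNOWN = "/.well-known/pki-validation/"
SUPPORTED_REDIRECTS = {301, 302, 307}      # the status codes this page lists
BOM = b"\xef\xbb\xbf"                      # editors such as Notepad may prepend this

def body_problems(body, token):
    """The token must be the file's only content: no BOM, labels or line breaks."""
    want, core, problems = token.encode("ascii"), body, []
    if core.startswith(BOM):
        problems.append("UTF-8 byte order mark before the token")
        core = core[len(BOM):]
    if core != core.strip():
        problems.append("whitespace or line break around the token")
        core = core.strip()
    if core != want:
        problems.append("content does not match the token")
    return problems

def chain_problems(hops, domain, filename):
    """hops: [(url, status), ...] in request order, ending with the final response."""
    problems, first = [], urlsplit(hops[0][0])
    if (first.scheme, first.hostname, first.path) != ("http", domain.lower(), WELL_KNOWN + filename):
        problems.append("chain does not begin at the validated domain's file URL")
    for url, status in hops[:-1]:
        if status not in SUPPORTED_REDIRECTS:
            problems.append(f"unsupported redirect status {status} at {url}")
    if hops[-1][1] != 200:                 # assumption: a served file answers 200
        problems.append(f"final status {hops[-1][1]} at {hops[-1][0]}")
    return problems

def fetch(domain, filename, max_hops=5):
    """Live check: request the file on port 80, following redirects by hand."""
    url, hops = f"http://{domain}{WELL_KNOWN}{filename}", []
    for _ in range(max_hops):
        p = urlsplit(url)
        cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
        conn = cls(p.netloc, timeout=10)
        conn.request("GET", (p.path or "/") + ("?" + p.query if p.query else ""))
        resp = conn.getresponse()
        body, target = resp.read(), resp.getheader("Location")
        conn.close()
        hops.append((url, resp.status))
        if not (300 <= resp.status < 400 and target):
            return hops, body
        url = urljoin(url, target)
    return hops, b""                       # too many redirects; last hop is flagged
```

Run `fetch(domain, filename)` from a host outside your network, then pass the returned hops and body to `chain_problems` and `body_problems`; an empty list from both means none of the checked issues were found.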

What's next

Validate domains using DNS validation methods: Use DNS record-based validation when web server access is restricted.