Select a DCV method for DV certificates
When placing a DV TLS certificate request, you select a DCV method to validate all the domains on the certificate. You can switch validation methods from the certificate's order details page after the request is submitted.
Method | How it works | Best for | Steps |
|---|---|---|---|
Email to DNS TXT record contact | DigiCert sends an authorization email to the address in the domain's DNS TXT record | Environments where DNS access is available and a monitored contact email is defined | Add and validate a domain using email to DNS TXT record contact |
Email to DNS CAA record contact | DigiCert sends an authorization email to the address in the domain's CAA record | Environments where a CAA record contact email is already configured | Add and validate a domain using email to DNS CAA record contact |
Constructed email | DigiCert sends authorization emails to standard administrative addresses such as admin@ and webmaster@ | Environments where standard administrative email aliases are monitored | |
Persistent DNS TXT record | Add the DigiCert-provided persistent URI to the domain's DNS as a persistent TXT record and leave it in place for future validations | Environments where DNS access is available and the domain can be validated through a TXT record. Recommended because… You set up the DNS TXT record once and keep it in place for future domain validations. | Validate domains on a pending DV TLS certificate using persistent DNS TXT records |
DNS TXT record | Add a DigiCert-generated random value to the domain's DNS as a TXT record | Environments where DNS access is available and the domain can be validated through a TXT record. | |
DNS CNAME record | Create a CNAME record pointing to a DigiCert validation host | Environments where DNS access is available and the domain uses CNAME routing | |
HTTP Practical Demonstration | Place a DigiCert-generated file on the web server at a specific URL | Environments with web server access and open port 80. Supports IPv4 and IPv6 address validation. | Add and validate a domain using HTTP Practical Demonstration |
Note: DV certificates don’t support the HTTP Practical Demonstration with unique filename DCV method. | |||
WHOIS-based DCV email methods
On May 8, 2025, DigiCert ended support for WHOIS-based DCV email methods. DigiCert no longer queries WHOIS to find email addresses for domain validation. To continue using email validation, use the DNS TXT record contact, DNS CAA record contact, or constructed email addresses method. Learn more about the end of life for WHOIS-based DCV methods.
Notice
DV certificates don’t support domain prevalidation.
For detailed steps for each method, see the relevant topic in this chapter.
What's next
Complete validation from the Order details page to finish domain validation after selecting your method