Skip to main content

Select a DCV method for DV certificates

When placing a DV TLS certificate request, you select a DCV method to validate all the domains on the certificate. You can switch validation methods from the certificate's order details page after the request is submitted.

Method

How it works

Best for

Steps

Email to DNS TXT record contact

DigiCert sends an authorization email to the address in the domain's DNS TXT record

Environments where DNS access is available and a monitored contact email is defined

Add and validate a domain using email to DNS TXT record contact

Email to DNS CAA record contact

DigiCert sends an authorization email to the address in the domain's CAA record

Environments where a CAA record contact email is already configured

Add and validate a domain using email to DNS CAA record contact

Constructed email

DigiCert sends authorization emails to standard administrative addresses such as admin@ and webmaster@

Environments where standard administrative email aliases are monitored

Add and validate a domain using constructed email

Persistent DNS TXT record

Add the DigiCert-provided persistent URI to the domain's DNS as a persistent TXT record and leave it in place for future validations

Environments where DNS access is available and the domain can be validated through a TXT record.

Recommended because…

You set up the DNS TXT record once and keep it in place for future domain validations.

Validate domains on a pending DV TLS certificate using persistent DNS TXT records

DNS TXT record

Add a DigiCert-generated random value to the domain's DNS as a TXT record

Environments where DNS access is available and the domain can be validated through a TXT record.

Add and validate a domain using DNS TXT record

DNS CNAME record

Create a CNAME record pointing to a DigiCert validation host

Environments where DNS access is available and the domain uses CNAME routing

Add and validate a domain using DNS CNAME record

HTTP Practical Demonstration

Place a DigiCert-generated file on the web server at a specific URL

Environments with web server access and open port 80. Supports IPv4 and IPv6 address validation.

Add and validate a domain using HTTP Practical Demonstration

Note: DV certificates don’t support the HTTP Practical Demonstration with unique filename DCV method.

WHOIS-based DCV email methods

On May 8, 2025, DigiCert ended support for WHOIS-based DCV email methods. DigiCert no longer queries WHOIS to find email addresses for domain validation. To continue using email validation, use the DNS TXT record contact, DNS CAA record contact, or constructed email addresses method. Learn more about the end of life for WHOIS-based DCV methods.

Notice

DV certificates don’t support domain prevalidation.

For detailed steps for each method, see the relevant topic in this chapter.

What's next

Complete validation from the Order details page to finish domain validation after selecting your method