
Website-based DCV methods

When using the website-based DCV methods, you must repeat the process each time you validate a domain.

  1. Create a .txt file and add the random value provided by DigiCert to it.

  2. Create the /.well-known/pki-validation directory on your website.

  3. Place the .txt file on your site under /.well-known/pki-validation.

  4. A domain or IP address is validated when DigiCert goes to the predetermined location and confirms the presence of the DigiCert-generated value.

DigiCert supports two website-based DCV methods:

  • HTTP Practical Demonstration

  • HTTP Practical Demonstration with unique filename

When using these website-based methods, make sure that you avoid the common mistakes made when using the HTTP Practical Demonstration DCV method.

Acronyms in this article: Domain Name System (DNS), Internet Information Services (IIS), Hypertext Transfer Protocol (HTTP), organization validation (OV), extended validation (EV), domain validation (DV), Transport Layer Security (TLS)

Things to consider when using the HTTP Practical Demonstration DCV methods

This DCV method works well if you have access to the website server. It doesn’t require you to create a DNS TXT record or configure email recipients. Also, HTTP Practical Demonstration is the DCV method DigiCert supports for demonstrating control over IPv4 and IPv6 addresses.

Allowlists

Depending on your firewall configurations, you may need to "allowlist" specific DigiCert IP addresses for the HTTP Practical Demonstration domain validation process to succeed. DigiCert can't find the file if we can't get through your firewall.

Learn more about the IP addresses DigiCert uses for the HTTP Practical Demonstration check.

Limitations when using the HTTP Practical Demonstration DCV methods

The HTTP Practical Demonstration DCV method has its limitations. If you need to validate wildcard domains, include subdomains, or validate an entire domain and its subdomains, you must use another DCV method.

You can’t use the HTTP Practical Demonstration DCV methods to:

  • Validate wildcard domains, such as *.example.com.

  • Include subdomains in the validation process while validating a higher-level domain.

    If you want to cover www.example.com, mail.example.com, and one.example.com while validating the higher-level domain example.com, use another DCV method.

  • Validate entire domains and subdomains.

HTTP Practical Demonstration

DigiCert goes to a predetermined location on your website to verify the presence of our random value. To use this DCV method, you must have access and permission to add a file to the website server.

Create the .txt file and save it on your website

  1. Create your .txt file and add the DigiCert-provided random value.

    1. Open a text editor (such as Notepad).

    2. Add the random value to the text editor.

    3. Save the .txt file under this name: fileauth.txt.

  2. Create the /.well-known/pki-validation directory on your site.

    For Windows-based servers, you can create the /.well-known folder using the command line (mkdir .well-known) or by setting up a virtual directory in IIS.

  3. Place the fileauth.txt file on your website under /.well-known/pki-validation.

    The URL should look something like this: http://[your-domain]/.well-known/pki-validation/fileauth.txt

What's next

When ready, DigiCert goes to the specified URL to confirm the presence of the DigiCert-generated random value. If the check is successful, the domain is validated, and you can order a certificate for it.

You can run the check manually or wait for DigiCert's automatic domain control validation (DCV) check, also called DCV polling, to validate the domain. DCV polling can eliminate the need to run the validation checks manually.

Learn about DigiCert's automatic domain control validation checks.

HTTP Practical Demonstration with unique filename

DigiCert goes to a predetermined location on your website to confirm the presence of our random value. To use this DCV method, you must have access and permission to add a file to the website server.

Note: DV certificates don’t support the HTTP Practical Demonstration with unique filename DCV method.

Reason why you might use HTTP Practical Demonstration with unique filename

Use 302 redirects to point addresses to a central authentication server. The server hosts all HTTP authentication files with unique filenames.

Create the .txt file and save it on your website

  1. Create your .txt file and add the DigiCert-provided random value.

    1. Open a text editor (such as Notepad).

    2. Add the random value to the text editor.

    3. Save the .txt file under the DigiCert-provided random filename (for example, ES3e9203kd0238K3.txt).

  2. Create the /.well-known/pki-validation directory on your site.

    For Windows-based servers, you can create the /.well-known folder using the command line (mkdir .well-known) or by setting up a virtual directory in IIS.

  3. Place the uniquely named .txt file on your website under /.well-known/pki-validation.

    The URL should look something like this: http://[your-domain]/.well-known/pki-validation/ES3e9203kd0238K3.txt
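
A local pre-flight for the two file-placement procedures above (fileauth.txt and the unique-filename variant), added here as an example and not DigiCert's code or validator: it writes the value under /.well-known/pki-validation, then fetches the URL to confirm the value is actually served. The function names, the 4096-byte read limit, and the sample value are assumptions made for illustration.

```python
import urllib.error
import urllib.request
from pathlib import Path

VALIDATION_DIR = ".well-known/pki-validation"

def place_dcv_file(webroot, filename, random_value):
    """Write the random value to <webroot>/.well-known/pki-validation/<filename>."""
    if Path(filename).name != filename or not filename.endswith(".txt"):
        raise ValueError("filename must be a bare .txt file name")
    if not random_value.strip():
        raise ValueError("random value is empty")
    target_dir = Path(webroot) / VALIDATION_DIR
    target_dir.mkdir(parents=True, exist_ok=True)
    target = target_dir / filename
    target.write_text(random_value, encoding="ascii")
    return target

def preflight(base_url, filename, random_value, timeout=10):
    """Fetch the validation URL over HTTP and report whether the value is present."""
    url = f"{base_url.rstrip('/')}/{VALIDATION_DIR}/{filename}"
    result = {"url": url, "status": None, "final_url": None, "found": False}
    # Connect directly: an outside checker does not use your local proxy settings.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=timeout) as resp:
            result["status"] = resp.status
            result["final_url"] = resp.geturl()  # differs from url after a redirect
            body = resp.read(4096).decode("ascii", errors="replace")
            result["found"] = bool(random_value) and random_value in body
    except urllib.error.HTTPError as exc:  # file missing or blocked (404, 403, ...)
        result["status"] = exc.code
    except urllib.error.URLError as exc:  # DNS failure, refused or filtered connection
        result["error"] = str(exc.reason)
    return result

if __name__ == "__main__":
    import functools, http.server, tempfile, threading
    value = "constructed-random-value-0123456789"  # constructed, not a real DigiCert value
    with tempfile.TemporaryDirectory() as webroot:  # stand-in for the site's web root
        handler = functools.partial(http.server.SimpleHTTPRequestHandler, directory=webroot)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        place_dcv_file(webroot, "fileauth.txt", value)
        print(preflight(f"http://127.0.0.1:{server.server_address[1]}", "fileauth.txt", value))
        server.shutdown()
```

Run it from a host outside your own network to catch firewall problems; when `final_url` differs from `url`, the request was redirected, as in the central-server setup described for the unique-filename method.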

What's next

When ready, DigiCert goes to the specified URL to confirm the presence of the DigiCert-generated random value. If the check is successful, the domain is validated, and you can order a certificate for it.

You can run the check manually or wait for DigiCert's automatic domain control validation (DCV) check, also called DCV polling, to validate the domain. DCV polling can eliminate the need to run the validation checks manually.

Learn about DigiCert's automatic domain control validation checks.
