Skip to main content

Use the DNS TXT DCV Method

Use these instructions to check the status of your DV certificate order. Then use the DNS TXT DCV method to demonstrate control over the domains in the order.

This validation method lets you demonstrate control over your domains by creating a DNS TXT record containing a DigiCert-generated random value (provided for the domain in your CertCentral account).

After you’ve created the records, DigiCert searches for DNS TXT records on the domains to confirm the presence of your random value.

  1. In your CertCentral account, in the sidebar menu, click Certificates > Orders.

  2. On the Orders page, use the filters and advanced search features to locate the pending DV certificate order.

  3. In the Order # column for the pending certificate order, click the order number link.

  4. On the Order # details page, in the Order Status section, check the order's validation status (is the order waiting on domain validation to be complete?).

  5. Under You Need To, click the Prove Control Over Domain link.

  6. In the Prove control of your domain window, in the DCV verification method drop-down list, select DNS TXT (recommended).

  7. Create the DNS TXT record for the domain

    If your order includes multiple domains, create a DNS TXT record for each domain in the order before running the check.

    1. In the Copy this random value to paste in your TXT record box, copy your random value.

      If your order includes multiple domains, add this random value to each domain’s DNS TXT record.

      Note: The random value expires after 30 days.

    2. Go to your DNS provider’s site and create a new TXT record.

    3. In the TXT Value field, enter the random value you copied from your CertCentral account.

    4. Host field:

      1. Base domain (for example, [yourdomain].com)

        Are you validating the base domain? Leave the Host field blank or add the @ symbol (depending on your DNS provider requirements).

      2. Subdomain (for example, [your.domain].com)

        Are you validating a subdomain? In the Host field, add the subdomain you are validating.

    5. In the record type filed (or equivalent), select TXT.

    6. Select a Time-to-Live (TTL) value or use your DNS provider’s default value.

    7. Save the record.

    Warning

    Does your order include multiple domains? Create a DNS TXT record for each domain on the order first, before you run the check.

    If any domains are missing a DNS TXT record with the DigiCert-provided random value, the “check” will fail.

  8. Verify the DNS TXT record

    1. In your CertCentral account, in the sidebar menu, click Certificate > Orders.

    2. On the Orders page, in the Order # column of the DV certificate order, click the order number link.

    3. On the Order # details page, in the Order Status section, under You Need To, click the Prove control over domain link.

    4. In the Prove control of your domain window, click Check.

  9. Congratulations! You have completed the domain validation for the domains.