Skip to main content

Validate a domain using DNS TXT Record

Add a domain to CertCentral and validate it using the DNS TXT Record (DNS Change) DCV method.

Add a domain to CertCentral and demonstrate control over the domain by creating a DNS TXT record that includes a DigiCert-generated random value. After you create the DNS TXT record, DigiCert searches the domain's DNS records to confirm the presence of the random value.

Before you begin

First, you must have at least one organization in your account. Before adding domains to your account, you must assign them to an organization in your CertCentral account. See Add an organization to your CertCentral account.

Additionally, you must submit the organization for organization validation to use the domain in OV, EV, or Private TLS/SSL or Secure Email certificates. See Submit an organization for validation.

Once you have an organization, add a domain to the account and assign it an organization.

Step I: Add domain and select DNS TXT record as the DCV method

  1. In CertCentral, in the left main menu, go Certificates > Domains.

  2. On the Domains page, select New Domain.

  3. On the New Domain page, under Domain Details, enter the following domain information:

    1. Domain Name

      In the box, enter the domain you want to validate.

    2. Organization

      In the menu, select the organization to want to assign the domain to.

  4. Under Domain control validation (DCV) method, select DNS TXT Record.

  5. When ready, select Submit for validation.

Step II: Use DNS TXT record to demonstrate control over the domain

  1. On the domain's details page, in the Domain control validation (DCV) method section under User actions, in the Your unique verification token box, copy the verification token.

    The unique verification token expires after 30 days. To generate a new token, select the Generate New Token link.

  2. Create your DNS TXT record:

    1. Go to your DNS provider’s site and create a new TXT record.

      For more detailed instructions for creating or updating a DNS TXT record, try the following resources:

    2. In the TXT Value field, paste the verification code you copied from your CertCentral account.

    3. Concerning the Host field:

      • Base domain: (yourdomain)

        Leave the Host field blank or use the @ symbol (depending on your DNS provider requirements)..

      • Subdomain: (sub.yourdomain)

        In the Host field, enter the subdomain that you are validating.

    4. In the record type field (or equivalent), select TXT.

    5. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

    6. Save the record.

  3. Complete domain validation

    1. In CertCentral, in the left menu, go to Certificates > Domains.

    2. On the Domains page, in the Domain name column, select the domain link.

    3. On the domain’s detail page, in the Domain control validation (DCV) method section under User actions, select Check TXT.

© 2025 DigiCert, Inc.
Publication date: