Add a domain, authorize the domain for certificates, and use DNS TXT as the validation method

Demonstrate control over your domain with a DNS TXT Record

Before you begin


Before you can prevalidate a domain for SSL/TLS validation, you must first submit its organization for prevalidation. To use the domain for OV, EV, and/or Private SSL certificates, you must submit its organization for those matching validation types.

Demonstrate control over your domain by creating a DNS TXT record containing a randomly generated token as the value. Once the DNS TXT record is created, DigiCert searches the domain's DNS records to confirm the presence of your verification token.

Step I: Add and authorize a domain for SSL/TLS certificates

  1. In your CertCentral account, in the left main menu, go to Certificates > Domains.

  2. On the Domains page, select New Domain.

  3. On the New Domain page, under Domain Details, enter the following domain information:

    1. Domain Name

      In the box, enter the domain name the certificates will secure.

    2. Organization

      In the dropdown, select the organization to which you want to assign the domain.

  4. Under Domain Control Validation (DCV) Method, select DNS TXT Record.


    The default DCV method is Verification Email.

  5. When you are finished, click Submit for Validation.

Step II: Use DNS TXT record to demonstrate control over the domain

  1. Create your DNS TXT record:

    1. Under User Actions, in the Your unique verification token box, copy your verification token. To copy the value to your clipboard, single-click in the text field.


      The unique verification token expires after 30 days. To generate a new token, click Generate New Token.

    2. Go to your DNS provider’s site and create a new TXT record.

    3. In the TXT Value field, paste the verification token you copied from your CertCentral account.

    4. Host field:

      • Base domain: If you are validating the base domain, leave the Host field blank. Alternatively, use the @ symbol (depending on your DNS provider requirements).

      • Subdomain: In the Host field, enter the subdomain that you are validating.

    5. In the record type field (or equivalent), select TXT.

    6. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

    7. Save the record.

  2. Verify the DNS TXT record:

    1. In your CertCentral account, in the left main menu, go to Certificates > Domains.

    2. On the Domains page, in the Domain Name column, select the domain link.

    3. On the domain information page, at the bottom of the page, select Check TXT.
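Before selecting Check TXT, you can confirm from a terminal that the record is published on every authoritative name server. The script below is an added example, not DigiCert tooling: the function names are hypothetical, and it assumes that `dig` is installed, that the domain passed in is the zone apex, and that the token must equal the entire TXT value.

```shell
#!/bin/sh
# Added example (not DigiCert tooling): pre-check a DCV TXT record.
# Function names are hypothetical; values in the usage line are constructed.

# Map the DNS provider's Host field to the name to query.
# A blank Host or "@" means the base domain itself.
record_name() {
    host=$1; domain=$2
    case "$host" in
        ''|'@') printf '%s\n' "$domain" ;;
        *)      printf '%s.%s\n' "$host" "$domain" ;;
    esac
}

# Read `dig +short TXT` output on stdin and reduce each line to the record
# value: join multi-string records ("a" "b") and drop the outer quotes.
txt_values() {
    sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# Succeed only if one TXT value equals the token exactly (fixed string,
# whole line), so a truncated paste or trailing space counts as a miss.
# Assumption: the token is the entire value of the record.
has_token() {
    token=$1
    [ -n "$token" ] || return 2
    txt_values | grep -Fxq -- "$token"
}

# Ask each authoritative name server directly, so a cached answer from a
# recursive resolver cannot hide a record that is missing on one server.
check_dcv() {
    domain=$1; host=$2; token=$3
    name=$(record_name "$host" "$domain")
    servers=$(dig +short NS "$domain")
    [ -n "$servers" ] || { echo "no NS records for $domain" >&2; return 2; }
    rc=0
    for ns in $servers; do
        if dig +short TXT "$name" "@$ns" | has_token "$token"; then
            echo "ok      $ns"
        else
            echo "MISSING $ns"; rc=1
        fi
    done
    return $rc
}

# Usage (constructed values): check_dcv example.com @ PASTE_TOKEN_HERE
```

A non-zero exit status means at least one name server does not yet return the token for that name.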