Skip to main content

Domain prevalidation: Revalidate your domain before validation expires

For quicker certificate issuance, keep your domain's validation current

DigiCert recommends keeping your domains' validation up to date for quicker certificate issuance. For information about the DigiCert-supported DCV methods, see Domain prevalidation: Domain control validation (DCV) methods.

Don’t wait until your domain's validation expires to revalidate it. With CertCentral, you can revalidate a domain at any time. This domain management feature enables you to complete the domain's validation early, so your immediate certificate issuance process continues without interruption.

Items to note about domain validation:

  • Per industry standards, a domain's validation is valid for 397 days (approximately 13 months).

  • If you order a certificate while the domain's revalidation is pending, we use the domain's current validation to issue the certificate if it is still valid.

Submit domain for revalidation

  1. In your CertCentral account, in the left menu, go to Certificates > Domains.

  2. On the Domains page, select the domain you want to revalidate.

  3. On the domain's details page, in the Domain control validation DCV section, select the DCV method you want to use to demonstrate control over the domain.

    • DNS TXT record (DNS Change)

      Go to your DNS provider and create a TXT record. Add a DigiCert-generated random value to the domain's TXT record. DigiCert does a search for a DNS TXT record associated with the domain that includes the DigiCert-generated random value.

    • Verification email

      An email recipient follows the instructions in a confirmation email sent for the domain. DigiCert can send three sets of DCV emails: Email to DNS TXT contact, Constructed Email, and WHOIS-based.

      • Email to DNS TXT contact

        Place the DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate. The RDATA value of this text record must be a valid email address.

        DigiCert sends an authorization email to the email addresses found in the DNS TXT record on the _validation-contactemail subdomain of the domain you are validating.

      • Email to Constructed Email

        DigiCert sends the authorization email to five constructed email addresses for the domain: admin, administrator, webmaster, hostmaster, and postmaster @[domain_name].

        Before DigiCert can successfully send an authentication DCV email to the domain owner (or domain controller), we must verify that an MX record (a resource record in the Domain Name System [DNS]) exists in the DNS records of the recipient's domain name. The presence of valid MX records enables us to send the authentication email.

      • Email to WHOIS

        For WHOIS-based email, DigiCert sends an authorization email to the registered owners of the public domain as shown in the domain's WHOIS record.

        Warning

        End of life for the WHOIS-based email DCV method

        The industry is moving away from using WHOIS to identify domain contacts. DigiCert recommends that those using the WHOIS-based Email DCV method update their domain validation processes to use one of the other supported DCV methods as soon as possible. If you still want to use the Email DCV method, use DNS TXT record email contact or Constructed email.

        To learn more about DigiCert’s timeline for the end of life for WHOIS-based email, see our knowledge base article, End of life for WHOIS-based DCV methods.

    • DNS CNAME record

      Go to your DNS provider and create a CNAME record. In the hostname field, enter _dnsauth. Then, add [random_value].dcv.digicert.com in the target host field to point the CNAME record to dcv.digicert.com. DigiCert does a search for a DNS CNAME record associated with the domain that includes the DigiCert-generated random value.

    • HTTP Practical Demonstration and HTTP Practical Demonstration with unique filename DCV methods

      You can only use the HTTP Practical Demonstration DCV methods to demonstrate control over fully qualified domain names (FQDNs) exactly as named. To learn more, visit Domain Validation Policy Changes.

      • HTTP Practical Demonstration

        Host a file containing a DigiCert-generated random value at a predetermined location on your website: http://{domain-name}/.well-known/pki-validation/fileauth.txt. DigiCert visits the specified URL to confirm the presence of our random value.

      • HTTP Practical Demonstration with unique filename

        Host a file with a random, DigiCert-generated filename that contains a DigiCert-generated random value at a predetermined location on your website: http://{domain-name}/.well-known/pki-validation/{unique-filename}.txt. DigiCert visits the specified URL to confirm the presence of our random value.

  4. When ready, select Submit For Validation.

What's next

Use the selected DCV method to complete domain validation and demonstrate control over your domain.

References:

In this section: