Skip to main content

Domain prevalidation: Bulk domain revalidation

Use the bulk domain revalidation feature to submit up to 25 domains simultaneously for revalidation. DigiCert recommends keeping your domains' validation up to date for quicker certificate issuance.

Items to note about domain validation:

  • Per industry standards, a domain's validation is valid for 397 days (approximately 13 months).

  • If you order a certificate for a domain while the domain's revalidation is pending, we use the domain's current validation to issue the certificate until that validation has expired.

Submit domains for revalidation

  1. In your CertCentral account, in the left menu, go to Certificates > Domains.

  2. On the Domains page, check the box next to the domains you want to revalidate.

  3. In the Submit domains for revalidation dropdown, select the DCV method you want to use to demonstrate control over the domains.

    • Revalidation by DNS TXT record

      Go to your DNS provider and create a TXT record. Add a DigiCert-generated random value to the domain's TXT record.

    • Revalidation by email

      An email recipient follows the instructions in a confirmation email sent for the domain. DigiCert can send three sets of DCV emails: Email to DNS TXT contact, Constructed Email, and WHOIS-based.

      • Email to DNS TXT contact

        Place the DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate. The RDATA value of this text record must be a valid email address.

        DigiCert sends an authorization email to the email addresses found in the DNS TXT record on the _validation-contactemail subdomain of the domain you are validating.

      • Email to Constructed Email

        DigiCert sends the authorization email to five constructed email addresses for the domain: admin, administrator, webmaster, hostmaster, and postmaster @[domain_name].

        Before DigiCert can successfully send an authentication DCV email to the domain owner (or domain controller), we must verify that an MX record (a resource record in the Domain Name System [DNS]) exists in the DNS records of the recipient's domain name. The presence of valid MX records enables us to send the authentication email.

      • Email to WHOIS

        DigiCert sends an authorization email to the registered owners of the public domain as shown in the domain's WHOIS record.

        Warning

        End of life for the WHOIS-based email DCV method

        The industry is moving away from using WHOIS to identify domain contacts. DigiCert recommends that those using the WHOIS-based Email DCV method update their domain validation processes to use one of the other supported DCV methods as soon as possible. If you still want to use the Email DCV method, use DNS TXT record email contact or Constructed email.

        To learn more about DigiCert’s timeline for the end of life for WHOIS-based email, see our knowledge base article, End of life for WHOIS-based DCV methods.

    • Revalidation by DNS CNAME record

      Go to your DNS provider and create a CNAME record. In the hostname field, enter _dnsauth. Then, add [random_value].dcv.digicert.com in the target host field to point the CNAME record to dcv.digicert.com.

  4. On the Submit domains for revalidation page, review the selected domains and when ready, select Submit domains for validation.

  5. For the DNS CNAME and DNS TXT DCV methods, download a CSV file containing each domain's DigiCert-generated random value.

    Under Next steps, select Download CSV and save the file. Then, use this file to add the correct random value to each domain's DNS CNAME or DNS TXT record.

    Warning

    Download the CSV file now!

    Download the CSV file now before closing this page. After leaving this page, the only way to get the DigiCert-generated random value for each domain is to open each Domain's details page and copy it.

What's next

Use the selected DCV method to complete domain validation and demonstrate control over your domains.

References:

In this section: