Add and validate a domain using email to DNS TXT record contact

Add a domain to CertCentral and validate it by sending a DigiCert authorization email to the address specified in the domain's DNS TXT record. DigiCert sends the approval email to the DNS TXT record email address on the _validation-contactemail subdomain of the domain being validated.

Before you begin

Complete the one-time CertCentral Settings configuration for this method. See Validate domains using email validation methods.
You must have access and permission to modify the domain's DNS records.
At least one organization must exist in your CertCentral account before adding a domain. See Add an organization to CertCentral.
You must be an administrator to update CertCentral account preferences.

Step I: Set up the DNS TXT record contact

Place a DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate.

The RDATA value of this text record must be a valid email address with no additional padding or structure:

Name	Time to live (TTL)	Value
`_validation-contactemail`	Default	`validatedomain@yourdomain.com`

Step II: Add the domain and submit for validation

In the CertCentral main menu,
- For Enterprise, Partner, or Legacy accounts: go to Certificates > Domains.
- For Subscription accounts: go to Validation > Domains.
On the Domains page, select New Domain.
On the New Domain page, under Domain Details, enter the following:
- Domain Name: Enter the domain you want to validate.
- Organization: Select the organization to assign the domain to.
Under Domain control validation (DCV) method, select Verification Email.
In the DCV Email Language menu, select the language for the confirmation email.
Select Choose address and in the Choose address window, select the email addresses you want the confirmation email sent to.
Select Submit for validation.

DigiCert sends the verification email from no-reply@digitalcertvalidation.com to the addresses you selected. The domain is validated when the email recipient selects the link in the email and follows the instructions on the domain approval page.

Common configuration issues

The DNS TXT record is created on the wrong hostname. The record must be on _validation-contactemail.yourdomain.com.
The email address in the TXT record is invalid or inaccessible. Confirm the address is monitored and can receive external email.
Email security tools quarantine the authorization message. Add digitalcertvalidation.com to your allowlist.
DNS changes have not yet propagated. Allow propagation time before submitting the domain for validation.

What's next

Add and validate a domain using email to DNS CAA record contact if your domain includes a CAA record with a contact email address

In this section: