Domain validation requirements and reuse periods

Domain validation confirms control of a fully qualified domain name or IP address before DigiCert issues a certificate. Industry requirements limit how long domain validation remains valid and define how validation reuse applies across certificate types.

Validation period

Domain validation remains valid within the allowed reuse period. Repeat domain validation before the validation period expires.

If the validation period expires before certificate issuance, DigiCert requires revalidation before the order can proceed.

Validation reuse

Validation reuse allows previously validated domains to be used for additional certificate requests within the allowed reuse period.

Reuse behavior varies by certificate type:

  • OV and EV certificates: Support validation reuse within the allowed reuse period. Validated domains can be used for subsequent certificate requests without additional validation.

  • DV certificates: Do not support validation reuse. Each DV certificate order requires domain validation regardless of previous validation status.

What happens when domain validation expires

Expired domain validation does not affect certificates that have already been issued. However, it affects the following:

  • Renewals and reissues: When you renew or reissue a certificate, DigiCert checks the validity of the domains on the order. If a domain's validation has expired, the order enters a pending state and requires revalidation before the certificate is issued.

  • Duplicate certificates: Duplicate certificates are issued immediately and require valid domain validation. If domain validation has expired, reissue the certificate first. The reissue process includes steps for revalidating the domain. Once domain validation is updated, you can request a duplicate certificate.

Random value expiration

When using DNS TXT, DNS CNAME, or HTTP validation methods, DigiCert generates a random value. Random values expire after 30 days.

Retrieve a new DigiCert-generated random value from CertCentral if validation does not complete within 30 days.

Complete revalidation when:

  • The domain validation reuse period has expired

  • A domain is added to a certificate order

  • Validation was not completed before the random value expired

Why multiple random values can exist for the same domain

DigiCert generates a unique random value for each separate validation event. Multiple values can exist when:

  • The domain is submitted for prevalidation and then included in a certificate order at a different time

  • The domain is included in multiple certificate orders with different organizations

  • Multiple TLS certificates are ordered for the same domain

If DigiCert generates two or more unique random values for the same domain, do not be concerned. All values are valid. Use any one of them to complete validation.

Reducing validation reuse periods

The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements, setting a schedule for shortening the lifetime of TLS certificates and the reuse period of domain validation. Learn more about this industry change.

Timeline                Certificate validity    Domain reuse period
Until March 15, 2026    397 days                397 days
As of March 15, 2026    199 days                199 days
As of March 15, 2027    99 days                 99 days
As of March 15, 2029    46 days                 9 days

Notes:

  • DV certificates do not support domain validation reuse. Each DV certificate order requires validation regardless of the above schedule.

  • OV organization validation reuse is separate. As of February 24, 2026, OV organization validation reuse is limited to 397 days.
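
The following is an added example, not DigiCert code: it computes the last day an existing OV or EV domain validation can still be reused when the reuse period steps down partway through its life, using the domain reuse column of the schedule above. The function names are hypothetical, and it assumes the limit in force on the order date is the one applied and that a validation whose age equals the limit is still usable.

```python
from datetime import date, timedelta

# Domain reuse periods from the schedule above: (first day in force, limit in days).
SCHEDULE = [
    (date.min, 397),
    (date(2026, 3, 15), 199),
    (date(2027, 3, 15), 99),
    (date(2029, 3, 15), 9),
]

def reuse_limit_days(on: date) -> int:
    """Domain reuse limit in force on a given day."""
    return [limit for start, limit in SCHEDULE if start <= on][-1]

def reuse_deadline(validated_on: date) -> date:
    """Last day an order can still reuse a validation completed on validated_on.

    Assumption: the limit in force on the order date applies, and a validation
    whose age equals the limit still counts as inside the reuse period.
    """
    deadline = validated_on
    for i, (start, limit) in enumerate(SCHEDULE):
        more = i + 1 < len(SCHEDULE)
        last_day = SCHEDULE[i + 1][0] - timedelta(days=1) if more else date.max
        if last_day < validated_on:
            continue  # this period ended before the validation happened
        usable = min(validated_on + timedelta(days=limit), last_day)
        if usable < start:
            break  # already too old on the day the shorter limit starts
        deadline = usable
        if usable < last_day:
            break  # expires inside this period; later periods are shorter still
    return deadline

def needs_revalidation(cert_type: str, validated_on, order_date: date) -> bool:
    """True when an order placed on order_date must validate the domain again."""
    if cert_type.upper() == "DV" or validated_on is None:
        return True  # DV never reuses; no prior validation means validate now
    return order_date > reuse_deadline(validated_on)

if __name__ == "__main__":
    # Constructed sample: OV domains and the dates they were last validated.
    domains = {"example.com": date(2025, 6, 1), "example.org": date(2026, 1, 10)}
    renewal = date(2026, 3, 16)
    for name, validated in domains.items():
        print(name, "reusable through", reuse_deadline(validated),
              "| revalidate for renewal:", needs_revalidation("OV", validated, renewal))
```

Under these assumptions, a validation completed on June 1, 2025 stops being reusable on March 14, 2026 rather than 397 days after it was completed, because it is already older than 199 days when the shorter limit takes effect.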