Use the DNS TXT validation method to verify domain control

Demonstrate control over your domain with a DNS TXT record

Check the status of your TLS/SSL certificate order and use the DNS TXT Record DCV method to demonstrate control over a domain on the order. For more information, see Demonstrate control over domains on your SSL certificate order.

Submitting domains for validation during the order process means certificates will not be issued until domain validation is complete. For immediate certificate issuance, submit domains for prevalidation when possible. See Domain prevalidation: Supported DCV methods.

Demonstrate control over your domain by creating a DNS TXT record containing a randomly generated token as the value. Once the DNS TXT record is created, DigiCert searches the domain's DNS records to confirm the presence of your verification token.

Step 1: Check the status of your pending order

Go to the SSL/TLS certificate's order page to check its issuance status. You can also see what domain and organization validation needs to be completed before we can issue it.

  1. In your CertCentral account, go to the order's Order # details page.

    1. In the left main menu, click Certificate > Orders.
    2. On the Orders page, in the Order # column, click the certificate's order number link.

  1. On the Order # details page, in the Order Status section, check the order's issuance status (is the order waiting on domain or organization validation to be completed?).

After validation is complete (domains and organization), the Order status section no longer appears on the Order # details page.

Step 2: Use DNS TXT to demonstrate control over the domains

  1. On the Order # details page, under You Need To, click the domain link you want to complete the DCV for.

When you have multiple domains (SANs) on an order, each one will be listed. Those with a checkmark next to them are validated. Those with a clock icon next to them still need to be validated.

  1. In the Prove Control Over Domain window, in the DCV Method dropdown, select DNS TXT Record.

  1. Create the DNS TXT record

    1. In the Token box, copy your unique token. To copy the value to your clipboard, single-click in the text field.
      Note: The unique token expires after 30 days. To generate a new token, click the Generate a New Token link.
    2. Go to your DNS provider’s site and create a new TXT record.
    3. In the TXT Value field, paste the unique token that you copied from your DigiCert account.
    4. Concerning the Host field:
      1. Base Domain (e.g., example.com)
        If you are validating the base domain, leave the Host field blank, or use the @ symbol (depending on your DNS provider requirements).
      2. Subdomain (e.g., my.example.com)
        In the Host field, enter the subdomain that you are validating.
    5. In the record type field (or equivalent), select TXT.
    6. Select a Time-to-Live (TTL) value or use your DNS provider’s default value.
    7. Save the record.

  1. Verify the DNS TXT record

    1. In your CertCentral account, go to the order's Order # details page.
      1. In the left main menu, go to Certificate > Orders.
      2. On the Orders page, in the Order # column, click the certificate's order number link.
    2. On the Order # details page, in the Validation in Progress section, under You Need To, locate and click the domain link.
    3. In the Prove Control Over Domain window, under 2. Check for Token, click Check.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.