Use the DNS TXT validation method to verify domain control

Use these instructions to first check the status of your SSL/TLS certificate order, and then, to use the DNS TXT DCV method to demonstrate control over the domains on the order. For more information about this method and other DCV methods, see Demonstrate control over domains on your SSL certificate order.

Step 1: Check the status of your pending order

Go to the SSL/TLS certificate's order page to check its issuance status. You can also see what domain and organization validation needs to be completed before we can issue it.

  1. In your CertCentral account, go to the order's Order # details page.

    1. In the sidebar menu, click Certificate > Orders.
    2. On the Orders page, use the filters and advanced search features to locate the pending certificate order to want to check.
    3. In the Order # column of the certificate order, click the order number link.

  1. On the Order # details page, in the Order Status section, check the order's issuance status (is the order waiting on domain or organization validation to be completed?).

Step 2: Use DNS TXT to demonstrate control over the domains

  1. On the Order # details page, under You Need To, click the domain link you want to complete the DCV for.

When you have multiple domains (SANs) on an order, each one will be listed. Those with a checkmark next to them are validated. Those with a clock icon next to them still to be validated.

  1. In the Prove Control Over Domain window, in the DCV Method dropdown, select DNS TXT Record.

  1. Create the DNS TXT record

    1. In the Token box, copy your unique token.
      To copy the value to your clipboard, single click in the text field.
      Note: The unique token expires after thirty days. To generate a new token, click the Generate a New Token link.
    2. Go to your DNS provider’s site and create a new TXT record.
    3. In the TXT Value field, paste the unique token that you copied from your DigiCert account.
    4. Host field
      1. Base Domain (e.g., example.com)
        If you are validating the base domain, leave the Host field blank, or use the @ symbol (depending on your DNS provider requirements).
      2. Subdomain (e.g., my.example.com)
        In the Host field, enter the subdomain that you are validating.
    5. In the record type field (or equivalent), select TXT.
    6. Select a Time-to-Live (TTL) value or use your DNS provider’s default value.
    7. Save the record.

  1. Verify the DNS TXT record

    1. In your CertCentral account, go to the order's Order # details page.
      1. In the sidebar menu, click Certificate > Orders.
      2. On the Orders page, in the Order # column of the certificate order, click the order number link.
    2. On the Order # details page, in the Validation in Progress section, under You Need To, locate and click the domain link.
    3. In the Prove Control Over Domain window, under 2. Check for Token click Check.

  1. Congratulations! You demonstrated control over the domain and completed its domain validation.

About

DigiCert is the world’s premier provider of high—assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs. Now, we’ve added Symantec’s experience and talent to our legacy of innovation to find a better way to lead the industry forward, and build greater trust in identity and digital interactions.

©2019 DigiCert, Inc. All rights reserved. DigiCert and its logo are registered trademarks of DigiCert, Inc. Symantec and Norton and their logos are trademarks used under license from Symantec Corporation. Other names may be trademarks of their respective owners.