Use the HTTP Practical Demonstration validation method to verify domain control

Demonstrate control over a domain on your TLS/SSL certificate order with HTTP practical demonstration

Check the status of your TLS/SSL certificate order and use the HTTP practical demonstration DCV method to demonstrate control over a domain on the order. For more information, see Demonstrate control over domains on a pending certificate order.

Note

Submitting domains for validation during the order process means certificates cannot be issued until domain validation is complete. For immediate certificate issuance, submit domains for prevalidation when possible. See Domain prevalidation: Supported DCV methods.

Demonstrate control over your domain by hosting a .txt file containing a randomly generated token value at a predetermined location on your website. Once the file is created and placed on your site, DigiCert visits the specified URL to confirm the presence of your verification token.

Make sure to avoid the mistakes listed in Common mistakes: HTTP Practical Demonstration DCV method.

Important

Validation for wildcard domains and subdomains: DigiCert recommends the DNS TXT and Email to DNS TXT contact methods to show control over an entire domain space (for example, all subdomains under *.example.com or example.com).

By the end of 2021, industry policy will disallow the use of the HTTP practical demonstration method for wildcard certificates and limit the effective use of the method for subdomains. For more on this policy change, see Domain validation policy changes in 2021.

Step 1: Check the status of your pending order

Go to the SSL/TLS certificate's Order details page to see what domain and organization validation needs to be completed before we can issue your certificate.

  1. In your CertCentral account, go to the order's Order # details page.

    1. In the left main menu, go to Certificate > Orders.

    2. On the Orders page, in the Order # column, click the certificate's order number link.

  2. On the Order # details page, in the Validation in Progress section, check the order's issuance status (is the order waiting on domain or organization validation to be completed?).

Notice

After validation is complete (domains and organization), the Order status section no longer appears on the Order # details page.

Step 2: Use HTTP practical demonstration to demonstrate control over the domains

  1. On the Order # details page, under You Need To, click the domain link you want to complete the DCV for.

    Notice

    When you have multiple domains (SANs) on an order, each one will be listed. Those with a checkmark next to them are validated. Those with a clock icon next to them still need you to complete their validation.

  2. In the Prove Control Over Domain window, in the DCV Method dropdown, select HTTP Practical Demonstration.

  3. Create your .txt file

    1. In the Token box, copy your unique token.

      Note: The unique token expires after 30 days. To generate a new token, click the Generate a New Token link.

    2. Open a text editor (such as Notepad) and paste in your unique Token.

    3. Save the .txt file under this name: fileauth.txt.

  4. Create the .well-known/pki-validation/ directory on your site.

    Important

    For Windows-based servers, the .well-known folder must be created via command line (mkdir .well-known).

  5. Place the fileauth.txt file on your site under .well-known/pki-validation.

    The URL should look something like this:

    http://[yourdomain]/.well-known/pki-validation/fileauth.txt

  6. Verify the HTTP Token

    1. In your CertCentral account, go to the order's Order # details page.

      1. In the left main menu, go to Certificate > Orders.

      2. On the Orders page, in the Order # column, click the certificate's order number link.

    2. On the Order # details page, in the Validation in Progress section, under You Need To, locate and click the domain link.

    3. In the Prove Control Over Domain window, under 2. Check HTTP Token, click Check.
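
Before clicking Check, you can confirm from your own machine that the file is served at the expected URL with exactly the token in it. The script below is an added example, not DigiCert tooling; the function names are hypothetical, and treating redirects and extra file content as failures is this example's own, deliberately strict assumption rather than something the steps above state.

```python
import os
import urllib.error
import urllib.request

# Path taken from the steps above; everything else here is illustrative.
DCV_PATH = ".well-known/pki-validation/fileauth.txt"


def place_token(docroot, token):
    """Write the token to <docroot>/.well-known/pki-validation/fileauth.txt."""
    target = os.path.join(docroot, *DCV_PATH.split("/"))
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "w", encoding="ascii", newline="") as fh:
        fh.write(token)  # token only: no trailing newline, no BOM
    return target


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Assumption of this example: report redirects instead of following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def judge_body(body, token):
    """Compare a fetched body with the expected token; returns (ok, reason)."""
    if token not in body:
        return False, "file served, but token not found in body"
    if body.strip() != token:
        return False, "token present, but file has extra content"
    return True, "token served as expected"


def check_token(host, token, timeout=10):
    """Fetch the validation URL over plain HTTP and judge what is served."""
    url = f"http://{host}/{DCV_PATH}"
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read(4096).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as exc:
        return False, f"HTTP {exc.code} for {url}"
    except OSError as exc:  # URLError, timeouts, refused connections
        return False, f"cannot reach {url}: {exc}"
    return judge_body(body, token)
```

Call `check_token("yourdomain", token)` with the token copied from the Token box; a "token not found" result usually means the server answered with an error page or a different file instead of fileauth.txt.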