Use the DNS TXT DCV Method

Use these instructions to check the status of your DV certificate order. Then use the DNS TXT DCV method to demonstrate control over the domains in the order.

This validation method lets you demonstrate control over your domains by creating a DNS TXT record containing a DigiCert-generated random value (provided for the domain in your CertCentral account).

After you’ve created the records, DigiCert searches for DNS TXT records on the domains to confirm the presence of your random value.

  1. In your CertCentral account, in the sidebar menu, click Certificates > Orders.

  1. On the Orders page, use the filters and advanced search features to locate the pending DV certificate order.

  1. In the Order # column for the pending certificate order, click the order number link.

  1. On the Order # details page, in the Order Status section, check the order's validation status (is the order waiting on domain validation to be complete?).

  1. Under You Need To, click the Prove Control Over Domain link.

  1. In the Prove control of your domain window, in the DCV verification method drop-down list, select DNS TXT (recommended).

  1. Create the DNS TXT record for the domain

    If your order includes multiple domains, create a DNS TXT record for each domain in the order before running the check.

    1. In the Copy this random value to paste in your TXT record box, copy your random value.
      If your order includes multiple domains, add this random value to each domain’s DNS TXT record.
      Note: The random value expires after 30 days.
    2. Go to your DNS provider’s site and create a new TXT record.
    3. In the TXT Value field, enter the random value you copied from your CertCentral account.
    4. Host field:
      1. Base domain (for example, [yourdomain].com)
        Are you validating the base domain? Leave the Host field blank or add the @ symbol (depending on your DNS provider requirements).
      2. Subdomain (for example, [your.domain].com)
        Are you validating a subdomain? In the Host field, add the subdomain you are validating.
    5. In the record type filed (or equivalent), select TXT.
    6. Select a Time-to-Live (TTL) value or use your DNS provider’s default value.
    7. Save the record.

Does your order include multiple domains? Create a DNS TXT record for each domain on the order first, before you run the check.

If any domains are missing a DNS TXT record with the DigiCert-provided random value, the “check” will fail.

  1. Verify the DNS TXT record

    1. In your CertCentral account, in the sidebar menu, click Certificate > Orders.
    2. On the Orders page, in the Order # column of the DV certificate order, click the order number link.
    3. On the Order # details page, in the Order Status section, under You Need To, click the Prove control over domain link.
    4. In the Prove control of your domain window, click Check.

  1. Congratulations! You have completed the domain validation for the domains.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.