Use the DNS TXT DCV Method

Use these instructions to check the status of your DV certificate order, and then, to use the DNS TXT DCV method to demonstrate control over the domains on the order.

This validation method lets you demonstrate control over your domains by creating a DNS TXT record containing a DigiCert generated random value (provided for the domain in your CertCentral account).

After you’ve created the records, DigiCert searches for DNS TXT records on the domains to confirm the presence of your random value.

  1. In your CertCentral account, in the sidebar menu, click Certificates > Orders.

  1. On the Orders page, use the filters and advanced search features to locate the pending DV certificate order.

  1. In the Order # column for the pending certificate order, click the order number link.

  1. On the Order # details page, in the Order Status section, check the order's validation status (is the order waiting on domain validation to be completed?).

  1. Under You Need To, click the Prove Control Over Domain link.

  1. In the Prove control of your domain window, in the DCV verification method drop-down list, select DNS TXT (recommended).

  1. Create the DNS TXT record for the domain

    If your order includes multiple domains, create a DNS TXT record for each domain on the order before running the check.

    1. In the Copy this random valid to paste in your TXT record box, copy your random value.
      If your order includes multiple domains, add this random value to each domain’s DNS TXT record.
      Note: The random value expires after thirty days.
    2. Go to your DNS provider’s site and create a new TXT record.
    3. In the TXT Value field, enter the random value you copied from your CertCentral account.
    4. Host field
      1. Base domain (for example, [yourdomain].com)
        Are you validating the base domain? Leave the Host field blank or add the @ symbol (depending on your DNS provider requirements).
      2. Subdomain (for example, [your.domain].com)
        Are you validating a subdomain? In the Host field, add the subdomain you are validating.
    5. In the record type filed (or equivalent), select TXT.
    6. Select a Time-to-Live (TTL) value or use your DNS provider’s default value.
    7. Save the record.

Does your order include multiple domains? Create a DNS TXT record for each domain on the order first -- before you run the check. If any domains are missing a DNS TXT record containing the DigiCert provided random value, the “check” will fail.

  1. Verify the DNS TXT record

    1. In your CertCentral account, in the sidebar menu, click Certificate > Orders.
    2. On the Orders page, in the Order # column of the DV certificate order, click the order number link.
    3. On the Order # details page, in the Order Status section, under You Need To, click the Prove Control Over Domain link.
    4. In the Prove control of your domain window, click Check.

  1. Congratulations! You have completed the domain validation for the domains.

About

DigiCert is the world’s premier provider of high—assurance digital certificates—providing trusted SSL, private and managed PKI deployments, and device certificates for the emerging IoT market. Since our founding almost fifteen years ago, we’ve been driven by the idea of finding a better way. A better way to provide authentication on the internet. A better way to tailor solutions to our customer’s needs. Now, we’ve added Symantec’s experience and talent to our legacy of innovation to find a better way to lead the industry forward, and build greater trust in identity and digital interactions.

©2019 DigiCert, Inc. All rights reserved. DigiCert and its logo are registered trademarks of DigiCert, Inc. Symantec and Norton and their logos are trademarks used under license from Symantec Corporation. Other names may be trademarks of their respective owners.