
Use the HTTP Practical Demonstration (File) DCV method

Demonstrate control over domains on your DV TLS certificate order with HTTP Practical Demonstration

Use the HTTP Practical Demonstration DCV method to demonstrate control over the domains on your pending DV TLS certificate order.

Before you begin

Important

Validating wildcard domains and subdomains:

You can only use the HTTP Practical Demonstration DCV method to validate domain names exactly as named in the certificate request. To learn more about this policy, see Domain validation policy changes in 2021.

Use one of the other supported DCV methods, such as DNS TXT record, to do the following:

  • Validate wildcard domains, such as *.example.com.

  • Validate entire domains and subdomains.

  • Include subdomains in the domain validation when validating a higher-level domain.

    For example, use one of these methods if you want to cover www.example.com, mail.example.com, and one.example.com when validating the higher-level domain example.com.

To demonstrate control over your domain, host a file containing a DigiCert-generated random value at a predetermined location on your website: http://{domain-name}/.well-known/pki-validation/fileauth.txt.

After you've created the file and placed it on your site, DigiCert visits the specified URL to confirm the presence of our random value. To avoid common mistakes, see HTTP Practical Demonstration DCV method common mistakes.

Use the HTTP Practical Demonstration to validate the domains on your pending DV TLS certificate order

  1. In CertCentral, in the left menu, go to Certificates > Orders.

  2. On the Orders page, in the Order # column of the pending DV certificate order, select the order number link.

  3. On the Order # details page, on the Details tab, in the Certificate status section, under What do you need to do, select the Prove control over domain link.

  4. In the Prove control of your domain window, in the Domain control validation (DCV) method menu, select HTTP Practical Demonstration (File) and then select Save.

  5. Create a .txt file and add the DigiCert-provided random value.

    1. Open a text editor, such as Notepad.

    2. In the Order token box, copy your token and paste the random value into the text editor.

      Note: The random value expires after 30 days.

    3. Save the .txt file under this name: fileauth.txt.

  6. Create the /.well-known/pki-validation/ directory on your site.

    For Windows-based servers, the /.well-known folder must be created via command line (mkdir .well-known).

  7. Place the fileauth.txt file on your site under /.well-known/pki-validation.

    The URL should look something like this: http://{domain-name}/.well-known/pki-validation/fileauth.txt.

    Does your DV TLS certificate include multiple domains?

    Create the /.well-known/pki-validation/ directories on the domain sites and place your fileauth.txt file on them in the specified locations before you run the check.

    The "check" will fail if any domain site is missing a fileauth.txt file with the DigiCert-provided random value.

  8. Complete domain validation.

    1. In CertCentral, in the left menu, go to Certificates > Orders.

    2. On the Orders page, in the Order # column of the DV certificate order, select the order number link.

    3. On the Order # details page, on the Details tab, in the Certificate status section, under What do you need to do, select the Prove control over domain link.

    4. In the Prove control of your domain window, select Check site.
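
A pre-flight check you can run before selecting Check site, as an added example that is not DigiCert's code: it requests the file at the location given above for every domain on the order and confirms the random value is present. The function names, the `fetcher` parameter, and the command-line usage are assumptions of this example.

```python
"""Pre-flight check for the fileauth.txt DCV file (added example, not DigiCert code)."""
import sys
import urllib.error
import urllib.request

DCV_PATH = "/.well-known/pki-validation/fileauth.txt"  # location given on this page


def fetch(url, timeout=10):
    """Plain HTTP GET; returns (status, final_url, body). status is None if unreachable."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.geturl(), resp.read(4096).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, url, ""
    except OSError as err:  # URLError (DNS failure, refused connection) and timeouts
        return None, url, str(err)


def check_domain(domain, random_value, fetcher=fetch):
    """Return (ok, reason) for one domain, exactly as named on the order."""
    url = f"http://{domain}{DCV_PATH}"
    status, final_url, body = fetcher(url)
    if status is None:
        return False, f"unreachable: {body}"
    if status != 200:
        return False, f"HTTP {status}"
    if random_value not in body:
        return False, "file served, random value not found"
    if final_url != url:
        # Assumption: the page does not say how redirects are treated, so only report it.
        return True, f"found, after redirect to {final_url}"
    return True, "found"


def check_order(domains, random_value, fetcher=fetch):
    """All domains must pass: one missing file fails the whole check."""
    if not domains or not random_value:
        raise ValueError("need at least one domain and a non-empty random value")
    results = {d: check_domain(d, random_value, fetcher) for d in domains}
    return all(ok for ok, _ in results.values()), results


if __name__ == "__main__":
    # Usage (assumed): python dcv_preflight.py <random-value> <domain> [<domain> ...]
    all_ok, report = check_order(sys.argv[2:], sys.argv[1])
    for name, (ok, reason) in report.items():
        print(f"{'PASS' if ok else 'FAIL'} {name}: {reason}")
    sys.exit(0 if all_ok else 1)
```

A non-zero exit status means at least one domain on the order would not serve the random value, so fix that site before running the check in CertCentral.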