Domain Validation (Pending Order): Use the HTTP Practical Demonstration DCV Method

Use these instructions to check the status of your TLS/SSL certificate order and use the HTTP Practical Demonstration DCV method to demonstrate control over a domain on the order.

Note: Submitting domains for validation during the order process means certificates will not be issued until domain validation is completed. For immediate certificate issuance, submit domains for pre-validation when possible.

This validation method allows you to demonstrate control over your domain by hosting a .txt file containing a randomly generated token value at a predetermined location on your website. Once the file is created and placed on your site, DigiCert visits the specified URL to confirm the presence of your verification token. Make sure to avoid some of the more Common Mistakes: HTTP Practical Demonstration DCV Method.

Step 1: Check the Status of Your Pending Order

After you’ve ordered a TLS/SSL certificate, you can visit the certificate’s Order# details page to see its validation status. You can also see if the order is waiting on domain or organization validation to be completed before it can be issued.

  1. In your CertCentral account, in the sidebar menu, click Certificate > Orders.

  2. On the Orders page, use the filters and advanced search features to locate the pending certificate order you want to view.

  3. In the Order# column of the certificate order, click the order number link.

  4. On the Order# details page, in the Order status section, you can check the order's validation status (for example, is the order waiting on domain or organization validation to be completed).

Note: After validation is completed (domains and organization), the Order status section no longer appears on the Order# details page.

Step II: Use HTTP Practical Demonstration to Demonstrate Control Over the Domain

  1. On the Order# details page, in the Order status section, under You Need To, locate the domain pending validation and click the domain link.

Note: When you have multiple domains (SANs) on your order, each one will be listed. Those with a checkmark next to them are validated. Those with a clock icon next to them are pending validation.

  1. In the Prove Control Over Domain window, in the DCV Method drop-down list, select HTTP Practical Demonstration.

  2. Create Your .txt File:

    1. In the Token box, copy your unique token.
      To copy the value to your clipboard, single click in the text field.
      Note: The unique token expires after thirty days. To generate a new token, click the Generate a New Token link.
    2. Open a text editor (such as Notepad) and paste in your unique Token.
    3. In your HTTP practical demonstration URL, the string after pki-validation/ is the name of your txt file.
      For example, if your HTTP practical demonstration URL is http://example.com/.well-known/pki-validation/c7e2ff0c848e4707594066cc860.txt, then, your file name is c7e2ff0c848e4707594066cc860.txt.
    4. Save the .txt file you created under this name (for example, c7e2ff0c848e4707594066cc860.txt).
  3. Create the .well-known/pki-validation Directory:

    Create the .well-known/pki-validation/ directory on your site and place your .txt file in it.

Note: For Windows-based servers, the .well-known folder must be created via command line (mkdir .well-known).

  1. Verify the HTTP Token:

    1. In your CertCentral account, in the sidebar menu, click Certificate > Orders.
    2. On the Orders page, in the Order# column of the certificate order, click the order number link.
    3. On the Order# details page, in the Order status section, under You Need To, locate the domain and click the domain link.
    4. n the Prove Control Over Domain window, under 2. Check HTTP Token, click Check.
  2. Congratulations! You have completed the domain validation for the domain.

Troubleshooting Tips:

Verify the URL matches exactly

  1. Make sure that the URL for your web page matches the DigiCert provided URL.
    http://YourDomain.com/.well-known/pki-validation/[filename].txt

  2. Where YourDomain.com matches the domain that you are validating and [filename].txt matches the unique hash provided by DigiCert under Your HTTP token URL (for example, c7e2ff0c848e4707594066cc860.txt).

Note: If you are missing a period, a number, or a letter, validation cannot be completed.