为了保持无缝的证书颁发流程,请在您的域验证失效之前,通过完成域控制验证 (DCV) 重新验证。
Don’t wait until your domain's validation expires to revalidate it. With CertCentral, you can revalidate a domain at any time. This domain management feature enables you to complete the domain's validation early, so your immediate certificate issuance process continues without interruption.
Items to note about domain validation:
Per industry standards, a domain's validation is valid for 397 days (approximately 13 months).
If you order a certificate while the domain's revalidation is pending, we use the domain's current validation to issue the certificate if it is still valid.
在您的 CertCentral 帐户的左侧主菜单中,转到证书 > 域。
在域页面上,单击您要重新验证的域的域名。
在域控制验证 (DCV) 方法部分,选择要用来证明对域的控制权的方法:
验证电子邮件
Go to your DNS provider and create a TXT record. Add a DigiCert-generated random value to the domain's TXT record. DigiCert does a search for a DNS TXT record associated with the domain that includes the DigiCert-generated random value.
DNS TXT 记录
An email recipient follows the instructions in a confirmation email sent for the domain. DigiCert can send three sets of DCV emails: Email to DNS TXT contact, Constructed Email, and WHOIS-based.
Email to DNS TXT contact
Place the DNS TXT record on the
_validation-contactemailsubdomain of the domain you want to validate. The RDATA value of this text record must be a valid email address.DigiCert sends an authorization email to the email addresses found in the DNS TXT record on the
_validation-contactemailsubdomain of the domain you are validating.Email to Constructed Email
DigiCert sends the authorization email to five constructed email addresses for the domain: admin, administrator, webmaster, hostmaster, and postmaster @[domain_name].
Before DigiCert can successfully send an authentication DCV email to the domain owner (or domain controller), we must verify that an MX record (a resource record in the Domain Name System [DNS]) exists in the DNS records of the recipient's domain name. The presence of valid MX records enables us to send the authentication email.
Email to WHOIS
For WHOIS-based email, DigiCert sends an authorization email to the registered owners of the public domain as shown in the domain's WHOIS record.
警告
End of life for the WHOIS-based Email method
On May 8, 2025, DigiCert will end support for the WHOIS-based DCV email method. DigiCert systems will stop querying WHOIS entirely to find email addresses for domain validations.
If you still want to use the Email DCV method, use the DNS TXT record email contact or the Constructed email method.
To learn more about the end of life for WHOIS-based email, see our knowledge base article, End of life for WHOIS-based DCV methods.
DNS CNAME 记录
Go to your DNS provider and create a CNAME record. In the hostname field, enter
_dnsauth. Then, add[random_value].dcv.digicert.comin the target host field to point the CNAME record to dcv.digicert.com. DigiCert does a search for a DNS CNAME record associated with the domain that includes the DigiCert-generated random value.HTTP 实用演示
You can only use the HTTP Practical Demonstration DCV methods to demonstrate control over fully qualified domain names (FQDNs) exactly as named. To learn more, visit Domain Validation Policy Changes.
HTTP Practical Demonstration
Host a file containing a DigiCert-generated random value at a predetermined location on your website:
http://{domain-name}/.well-known/pki-validation/fileauth.txt. DigiCert visits the specified URL to confirm the presence of our random value.HTTP Practical Demonstration with unique filename
Host a file with a random, DigiCert-generated filename that contains a DigiCert-generated random value at a predetermined location on your website:
http://{domain-name}/.well-known/pki-validation/{unique-filename}.txt. DigiCert visits the specified URL to confirm the presence of our random value.
单击提交以进行验证。
使用选中的 DCV 方法完成域验证,并证明对域的控制权。有关更多信息,请参阅域预验证:域控制验证 (DCV) 方法。
References: