StarDomain

Domain Validation Process

Domain validation (DV) is the process of proving that you own or control a domain before an SSL certificate can be issued. This is a required step for all SSL certificate types (DV, OV, and EV). This guide explains the three main validation methods.

Why Is Domain Validation Required?

Certificate Authorities (CAs) must verify that the person requesting an SSL certificate actually controls the domain. This prevents unauthorized certificates from being issued for domains you do not own, which could be used for phishing or man-in-the-middle attacks.

Method 1: Email Validation

Email validation is the most common and straightforward method. The CA sends an approval email to a pre-approved address at the domain.

Accepted Email Addresses

The CA will send the validation email to one of these standard addresses at your domain:

Steps

  1. During SSL configuration, select Email Validation
  2. Choose one of the accepted email addresses from the list
  3. The CA sends an email containing a validation link and/or code
  4. Open the email and click the Approve link
  5. Enter the validation code if prompted
  6. Your domain is validated, and the certificate is issued

Tip: Create the validation email address before starting the SSL order. If you use Google Workspace or Microsoft 365, set up a catch-all or create the specific address.

Timeline

  • Validation email is typically sent within minutes
  • Certificate is issued immediately after approval
  • Most CAs allow up to 30 days to complete email validation

Method 2: DNS Validation (CNAME/TXT Record)

DNS validation requires adding a specific DNS record to prove domain control. This is useful when you do not have email set up on the domain.

Steps

  1. During SSL configuration, select DNS Validation
  2. The CA provides a unique CNAME or TXT record to add:
     - Record type: CNAME or TXT
     - Host/Name: A unique hash value (e.g., _dnsauth.example.com or a random string)
     - Value/Target: A verification string provided by the CA
  3. Log in to your DNS management panel
  4. Add the DNS record exactly as provided
  5. Wait for DNS propagation (can take up to 24-48 hours, but often faster)
  6. The CA periodically checks for the record and validates automatically

Tip: Copy and paste the DNS record values exactly as provided. Even a small typo will cause validation to fail. Do not add extra spaces or modify the values.
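The check below is an added example, not part of the original guide or any CA's tooling: it compares the record the CA asked for with the value lines returned by a lookup of the CA-provided host name (for instance the output of `dig +short`) and reports which kind of mismatch is present. The function names and all record values are constructed for illustration.

```python
import re


def normalize(rtype, value):
    """Reduce a record value to the form that must match the CA's string."""
    value = value.strip()
    if rtype == "TXT":
        # Lookup tools print TXT data as one or more quoted chunks: join them.
        chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', value)
        return "".join(chunks) if chunks else value
    # CNAME targets are host names: case-insensitive, trailing dot optional.
    return value.rstrip(".").lower()


def squash(text):
    """Drop all whitespace so a stray space can be told from a real mismatch."""
    return "".join(text.split())


def diagnose(rtype, expected, answers):
    """answers: value lines from a lookup of the CA-provided host name."""
    if not answers:
        return "no record found: not propagated yet, or wrong host name"
    want = normalize(rtype, expected)
    got = [normalize(rtype, a) for a in answers]
    if want in got:
        return "ok"
    if any(squash(g) == squash(want) for g in got):
        return "value differs only by whitespace"
    if rtype == "TXT" and any(g.lower() == want.lower() for g in got):
        return "value differs only by letter case"
    return "value mismatch: re-copy the record from the CA"


if __name__ == "__main__":
    # Constructed sample values, not real CA tokens.
    print(diagnose("TXT", "Ab12Cd34", ['"Ab12Cd34"']))
    print(diagnose("TXT", "Ab12Cd34", ['"Ab12Cd34 "']))
    print(diagnose("CNAME", "ab12.validation.ca.example",
                   ["AB12.validation.ca.example."]))
    print(diagnose("CNAME", "ab12.validation.ca.example", []))
```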

Timeline

  • DNS propagation: 15 minutes to 48 hours
  • CA verification checks: Every few minutes to hourly
  • Total time: Usually 30 minutes to a few hours

Method 3: HTTP/HTTPS File Validation

HTTP validation requires uploading a specific file to your web server. This proves you have control over the server hosting the domain.

Steps

  1. During SSL configuration, select HTTP Validation (or File-Based Validation)
  2. The CA provides:
     - A file name (e.g., fileauth.txt or a hash-based filename)
     - File content (a unique validation string)
     - The URL path where it must be accessible
  3. Create the file with the exact content provided
  4. Upload it to your web server at the specified path, typically:

```
http://example.com/.well-known/pki-validation/FILENAME
```

  5. Verify the file is accessible by visiting the URL in your browser
  6. The CA checks the URL and validates automatically

Requirements

  • The file must be accessible over HTTP on port 80 (some CAs also accept HTTPS on port 443)
  • No redirects should interfere with accessing the file
  • The file content must match exactly what the CA specified
  • The domain must resolve to the server where the file is hosted

Tip: If your site redirects HTTP to HTTPS, temporarily disable the redirect or ensure the validation file is accessible via both protocols.
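A pre-flight check for the requirements above, as an added example that is not part of the original guide or any CA's tooling: `fetch` requests the validation URL without following redirects, and `evaluate` reports a redirect, a non-200 status, or content that differs from the CA-provided string. The function names and sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request


class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow; the 3xx then surfaces as HTTPError


def fetch(url, timeout=5):
    """Return (status, Location header or None, body) without following redirects."""
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, None, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), err.read()


def evaluate(status, location, body, expected):
    """Compare one response with the CA-provided content; return a list of problems."""
    if 300 <= status < 400:
        return [f"redirect ({status}) to {location}"]
    if status != 200:
        return [f"HTTP status {status}"]
    if body == expected:
        return []
    if body.strip() == expected.strip():
        return ["content differs only by leading/trailing whitespace or newline"]
    if body.lstrip().lower().startswith((b"<!doctype", b"<html")):
        return ["got an HTML page instead of the validation file"]
    return ["content mismatch"]


if __name__ == "__main__":
    expected = b"constructed-validation-string"  # constructed, not a real token
    samples = [  # constructed responses; replace with fetch(url) for a real check
        (200, None, expected),
        (301, "https://example.com/.well-known/pki-validation/FILENAME", b""),
        (200, None, expected + b"\r\n"),
        (200, None, b"<html><body>Page not found</body></html>"),
    ]
    for sample in samples:
        print(sample[0], evaluate(*sample, expected) or "ready")
```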

Timeline

  • Immediate once the file is uploaded and accessible
  • CA checks typically complete within minutes

Which Method Should You Choose?

| Method | Best When | Speed |
|--------|-----------|-------|
| Email | You have email set up on the domain | Fastest (minutes) |
| DNS | You control DNS but not the web server | Moderate (hours) |
| HTTP | You have web server access but no email/DNS | Fast (minutes) |

Troubleshooting

  • Validation email not received: Check spam/junk folders. Verify the email address exists and is receiving mail. Try a different approved address.
  • DNS record not detected: Verify the record is correctly added using an online DNS lookup tool. Check for typos in the host name or value. Wait for propagation.
  • HTTP file not accessible: Ensure no redirects, WAF rules, or .htaccess rules are blocking access. Test by visiting the exact URL in a browser.
  • Validation expired: Most CAs allow 30 days. If expired, you may need to restart the validation process from your SSL service page.
  • Wildcard certificate validation: Wildcard certificates (*.example.com) typically require DNS validation — email and HTTP methods are usually not available.
