How can I complete the domain control validation (DCV) for my SSL certificate?

The domain ownership rights should be confirmed prior to the certificate issuance. Different methods of Domain Control Validation can be chosen during the activation process.

Earlier, only email validation was possible, now you have an opportunity to choose between email and HTTP-based validation.

What does each option mean?

Email validation. The common way to prove your domain name ownership is to approve the email received from Certificate Authority.
During the activation, it is necessary to choose the email address where the approver email will be sent to.

Due to regulations of Certificate Authority (Comodo) the approver can be sent either to  a domain whois record or to one of the following domain-based emails: admin@example.com, administrator@example.com, postmaster@example.com, webmaster@example.com or hostmaster@example.com.

When the activation is complete, you will receive the email from the Certificate Authority to the selected email address.

HTTP-based validation. This type of validation can be done by uploading a certain text file into a particular directory of your website (<DOCUMENT_ROOT>/.well-known/pki-validation/).

In order to find the validation file you need to perform the following steps:

1) complete the activation of your certificate;
2) go to Purchased certs list;

http://helpdesk.ssls.com/hc/en-us/article_attachments/203793759/dcv_01.jpg

3) click your certificate ID;

http://helpdesk.ssls.com/hc/en-us/article_attachments/203806265/dcv_02.jpg

4) locate the red button “Save activation file” and click for downloading.

http://helpdesk.ssls.com/hc/en-us/article_attachments/203771289/dcv_03.jpg

 

A pop-up window will appear and will prompt you to download the needed file (*.txt for COMODO certificates).

When the file downloaded, it is necessary to place into the following location: <DOCUMENT_ROOT>/.well-known/pki-validation/. In order to validate your certificate, the file should be accessible via the following URL:

http://your(sub)domain/.well-known/pki-validation/<filename.txt>

Note! When a COMODO certificate is activated for a subdomain, you need to upload the text into the subdomain root directory; if the file is uploaded to the directory of the main domain - it should get verified as well. If you are activating a COMODO Multi-domain certificate for subdomains, you should place the validation file into the Document root directory of the corresponding subdomain and for its domain as well.

In order to proceed with HTTP validation of Wildcard certificates, it is necessary to place the verification file to the root folder of a main domain (for instance, you have a certificate for *.example.com, the file should be placed to the root folder of example.com).

If you have activated the certificate with domain.com or www.domain.com indicated as FQDN in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt . In this case, www.domain.com is considered to be under your control as well.

If the certificate is activated for a www-subdomain, the file should be accessible via both http://domain.com/.well-known/pki-validation/file.txt and http://www.domain.com/.well-known/pki-validation/file.txt.

The content of the file shouldn't be changed in any way, as Comodo validation system is case sensitive.

Keep in mind if https:// is enabled on your server and the validation file is accessible via https://, contact Support in order to update the validation method and speed the process up.

If do not have access to the methods described above, you may consider DNS-based validation. In order to apply this method and get the DNS record, you will need to contact Support Team via ticket or chat system.

The main action you need to perform is to create a CNAME record in the DNS settings of your domain.

The alternative validation via HTTP or CNAME may take up to 1 hour. If it takes more time,  it is necessary to check whether the file is accessible publicly or the record is still being propagated. If everything looks fine from your side, please contact our Support Team so that we can check the issue with your certificate validation for you.

Powered by Zendesk