How can I complete the domain control validation (DCV) for my SSL certificate?

The domain ownership rights should be confirmed prior to the certificate issuance. Different methods of Domain Control Validation can be chosen during the activation process.

Earlier, only email validation was possible, now you have an opportunity to choose between email and HTTP-based validation.

What does each option mean?

Email validation. The common way to prove your domain name ownership is to approve the email received from Certificate Authority.
During the activation, it is necessary to choose the email address where the approver email will be sent to.

Due to regulations of Certificate Authority (Comodo) the approver can be sent either to  a domain whois record or to one of the following domain-based emails: admin@example.com, administrator@example.com, postmaster@example.com, webmaster@example.com or hostmaster@example.com.

When the activation is complete, you will receive the email from the Certificate Authority to the selected email address.

HTTP-based validation. This type of validation can be done by uploading a special text file to the web-root folder of the website.

In order to find the validation file you need to perform the following steps:

1) complete the activation of your certificate;
2) go to Purchased certs list;

http://helpdesk.ssls.com/hc/en-us/article_attachments/203793759/dcv_01.jpg

3) click your certificate ID;

http://helpdesk.ssls.com/hc/en-us/article_attachments/203806265/dcv_02.jpg

4) locate the red button “Save activation file” and click for downloading.

http://helpdesk.ssls.com/hc/en-us/article_attachments/203771289/dcv_03.jpg

 

A pop-up window will appear and will prompt you to download the needed file (*.txt for COMODO certificates).

When the file downloaded, it is necessary to place it to the root folder of the website. In order to validate your certificate, the file should be accessible via the following URL:

http://example.com/filename.txt.

Note! When a COMODO certificate is activated for a subdomain, the text file can be uploaded either into the domain root directory or to the document folder of a subdomain. But if you are activating a COMODO Multi-domain certificate for subdomains, you should place the validation file into the Document root directory of the corresponding subdomain.

In order to proceed with HTTP validation of Wildcard certificates, it is necessary to place the verification file to the root folder of a main domain (for instance, you have a certificate for *.example.com, the file should be placed to the root folder of example.com).

If do not have access to the methods described above, you may consider DNS-based validation. In order to apply this method, you will need to contact Support Team via ticket or chat system.

The main action you need to perform is to create a CNAME record in the DNS settings of your domain.

Note: Prior to the certificate activation, you may create a .txt file or CNAME record using the plain text of the CSR you are going to use for activation. The CSR hashes should be applied for alternative validation. Check further steps on how to create details needed for each type of validation:

1) Go to sslchecker.com -> Decoders -> CSR decoder or click here;

2) Paste your CSR and click Decode button;

http://helpdesk.ssls.com/hc/en-us/article_attachments/203806285/dcv_04.jpg

3) Once the results are displayed, locate “Advanced" field where the needed hashes can be found (MD5 and SHA1 hashes);

DNS-based (CNAME):

Follow the next steps to validate your certificate using a CNAME record:

The subdomain with MD5 hashes should be pointed to the hostname SHA-1_hash.comodoca.com at your domain registrar or hosting provider (depending on where you keep your DNS zone).

The values should look like this:

Host/Sub: E4AB5386AA162D741B0E67DFB52E262E.yourdomain.tld

Destination hostname (Alias): 43D4C8D91F8A18CE7C19A152A0B882EB1C854AB1.comodoca.com

Record type: CNAME

NB: There are several DNS editors which add a domain name automatically, so the domain name will be doubled and look like that: sub1.example.com.example.com.

Double-check whether the editor you use adds a domain name to a record. If it does, the hash should be added only (for instance, sub1.) For instance:

Host/Sub: E4AB5386AA162D741B0E67DFB52E262E.sub1

Destination hostname (Alias): 43D4C8D91F8A18CE7C19A152A0B882EB1C854AB1.comodoca.com

Record type: CNAME

 

Once the values are saved and the propagation is complete, Comodo validation system will be able to reach and verify the validation record.

Note! If you decide to go with CNAME method, please contact our Support team so that they can switch the validation method to CNAME one and your record should be validated then.

HTTP-based:

Open any text editor (depending on your OS: a notepad (for Win users) or Textedit (for OS X users)

There should be 2 lines in your document

1: SHA-1 hash

2: comodoca.com

The content of verification file should be as follows:

43D4C8D91F8A18CE7C19A152A0B882EB1C854AB1

comodoca.com

Important: There should not be any spaces in lines.

Then save this file as MD5_hash.txt (ex.: E4AB5386AA162D741B0E67DFB52E262E.txt) and upload it to the root directory of the domain name, so it should  be accessible via: http://yourdomain.com/43D4C8D91F8A18CE7C19A152A0B882EB1C854AB1.txt

Keep in mind if https:// is enabled on your server and the validation file is accessible via https://, contact Support in order to update the validation method and speed the process up.

The alternative validation via HTTP or CNAME may take up to 1 hour. If it takes more time,  it is necessary to check whether the file is accessible publicly or the record is still being propagated. If everything looks fine from your side, please contact our Support Team so that we can check the issue with your certificate validation for you.

Powered by Zendesk