The domain ownership rights should be confirmed prior to the certificate issuance. Different methods of Domain Control Validation can be chosen during the activation process.
Earlier, only email validation was possible, now you have an opportunity to choose between email and HTTP-based validation.
What does each option mean?
Email validation. The common way to prove your domain name ownership is to approve the email received from Certificate Authority.
During the activation, it is necessary to choose the email address where the approver email will be sent to.
Due to regulations of Certificate Authority (Comodo, now Sectigo) the approver can be sent either to a domain whois record or to one of the following domain-based emails: email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org or email@example.com.
When the activation is complete, you will receive the email from the Certificate Authority to the selected email address.
HTTP-based validation. This type of validation can be done by uploading a certain text file into a particular directory of your website (<DOCUMENT_ROOT>/.well-known/pki-validation/).
In order to find the validation file you need to perform the following steps:
1) complete the activation of your certificate;
2) go to Purchased certs list;
3) click your certificate ID;
4) locate the red button “Save activation file” and click for downloading.
A pop-up window will appear and will prompt you to download the needed .txt file.
When the file downloaded, it is necessary to place into the following location: <DOCUMENT_ROOT>/.well-known/pki-validation/. In order to validate your certificate, the file content should be shown via the following URL:
Please make sure to have no access restrictions set on the server so that the file can be accessible worldwide for verification.
For this a '.well-known' folder needs to be created inside of the Document root directory; next, create a folder named 'pki-validation' inside of the '.well-known' one and put the validation file into the 'pki-validation' folder.
Note! When a COMODO certificate is activated for a subdomain, you need to create the mentioned folders with the validation file uploaded within the subdomain root directory; if the folders with the file uploaded were created within the directory of the main domain - it should get verified as well. If you are activating a COMODO Multi-domain certificate for subdomains, you should place the validation file into the Document root directory of the corresponding subdomain and for its domain as well.
In order to proceed with HTTP validation of Wildcard certificates, it is necessary to create the '.well-known' folder under the root folder of a main domain, and then 'pki-validation' folder inside of it with the validation file placed in the 'pki-validation' one (for instance, you have a certificate for *.example.com, the file should become accessible via http://example.com/.well-known/pki-validation/file.txt).
Note! If you have activated the certificate with www.domain.com indicated as FQDN in your CSR code, please make sure that the file is available via http://domain.com/.well-known/pki-validation/file.txt . In this case, www.domain.com is considered to be under your control as well.
The content of the file shouldn't be changed in any way, as Comodo (now Sectigo) validation system is case sensitive.
Keep in mind if https:// is enabled on your server and the validation file is accessible via https://. In order to update the validation method and speed the process up, contact Support by submitting a ticket here or via a Live Chat by clicking on the blue bubble icon in the lower right corner of this page.
If do not have access to the methods described above, you may consider DNS-based validation. In order to apply this method and get the DNS record, you will need to contact Support Team via ticket or start a Live Chat by clicking on a blue bubble button at the bottom of the page.
The main action you need to perform is to create a CNAME record in the DNS settings of your domain.
The alternative validation via HTTP or CNAME may take up to 1 hour. If it takes more time, it is necessary to check whether the file is accessible publicly or the record is still being propagated. If everything looks fine from your side, please contact our Support Team so that we can check the issue with your certificate validation for you.