Skip to main content

SSL Validation Methods Guide

Updated over 2 weeks ago

When you purchase an SSL certificate, the Certificate Authority (CA) must verify that you control the domain. This is done through Domain Control Validation (DCV), which can be completed using one of three methods:

Methods:

  1. Email-Based Validation

  2. DNS-Based Validation

  3. HTTP/HTTPS File Upload Validation

Email-Based Validation

You confirm ownership by responding to a verification email sent to a domain-related address.

How it works:

  • The CA sends an email with a unique verification link or code to a pre-approved email address associated with your domain.

Accepted email addresses (must be active on your domain):

Note: Make sure your domain's email system is set up and working.

DNS-Based Validation (CNAME record)

You add a DNS record (CNAME) to your domain’s DNS zone to prove ownership.

Steps:

  1. Choose DNS Validation during your SSL request.

  2. In the client area, you will see the record that you need to add for your domain.

  3. Log in to your DNS provider (e.g., GoDaddy, Cloudflare, AWS Route 53).

  4. Add the record exactly as provided.

  5. Wait for DNS propagation (can take a few minutes to several hours).

  6. Please let us know that we can check the DNS propagation.

  7. Once verified, SSL will be issued.

Note: If you had the last time for your domain CNAME validation, please remove the old CNAME record and only then add a new one.

HTTP/HTTPS File Upload Validation

What is it?

You upload a specific file to a specific path on your website to prove you control the domain.

Steps:

  1. Choose HTTP or HTTPS File Validation during SSL request.

  2. In our client area, you will see what you need to add:

    • A file (e.g., B5432A49F0A3A2C9C894D.txt)

    • File contents (a unique validation code)

    • Target URL: http://yourdomain.com/.well-known/pki-validation/B5432A49F0A3A2C9C894D.txt

  3. On your web server, create the path:

/.well-known/pki-validation/

4. Upload the file with exact content and filename.

5. Ensure the file is publicly accessible via browser.

6. Let us know that we can re-check.

7. Once validated, SSL is issued.

For example:

URL to test:
http://yourdomain.com/.well-known/pki-validation/B5432A49F0A3A2C9C894D.txt

Which Method Should You Choose?

Situation

Best Method

No access to DNS or server

Email

No email or WHOIS is hidden

DNS or HTTP

Using CDN or can't modify DNS easily

File upload (HTTP)

Domain is not hosted yet

DNS (easy to set up)

Related Articles
How to change domain's A record
How to check DNS records of a domain
How to Create Mail Server Using Mailcow
How to link domain to Blogger, GitHub, and WordPress platforms?
How to use my domain with Tumblr?
Did this answer your question?