Domain Control Validation (DCV)¶
For security reasons, is necessary to verify that you have the full agreement of the domain’s owner to use the SSL certificate for the domain.
If you have requested an SSL certificate for a domain that you don’t control (as owner, admin, or tech contact), you will be offered three validation methods after you submit your CSR.
If you are purchasing an SSL certificate for a domain for which you are already a contact, this method is chosen for you automatically, and the zone file is updated for you. In the event that you chose a multi-domain certificate, you must have the rights to all the domains present in the certificate for this validation method to work.
Validation by DNS record implies that you have access to the DNS record management of your domain (whether or not at Gandi), and can add a CNAME record to it.
If you opt for this method, you will need to add a special CNAME record to your domain’s DNS zone records.
If you see an existing CNAME record for this validation in your zone file, it was automatically added for you. There is no need to add another one. You will need to wait for DNS to update, however, which may take several hours.
This validation method is simple, though requires that you have a specific email address available for each domain to be validated.
This email address must be created with the user admin@. For example, if you want to validate the domain example.com, you must create the email address firstname.lastname@example.org.
You have 30 days to confirm by email, after which the operation will time out.
This validation method requires that you have access to the web server that hosts the website that the domain will point to.
You are asked to copy a TXT file that contains a verification key, and to place it at the following location (.well-known/pki-validation/filename.txt):
Note that you must replace adapt the URL to match your own address, as well as “filename”.
Sectigo will verify the file within 1 hour of the launch of the validation process.