
Authentication/Orders Support: Domain Pre-Validation – Domain Control Validation via Website Control

Instructions for authorizing a domain using a File on your website:

This validation method requires you to demonstrate control over the website content for the domain by making a file available at the file location provided by your support representative. You must then add the random value verification token, also provided by your support representative, to the web page in the exact location specified. When a CA requests the specified URL on that domain, it can look for and confirm the presence of our verification token.

How to Use Your Website to Validate Your Control of Your Domain.

Use these instructions if you need us to validate a domain by proving you are in control of your website content.

  1. Your Authentication support representative will provide you with the following items:
    1. The location (URL) where you need to make the file available (e.g., [domain name]/.well-known/pki-validation/fileauth.txt).
    2. A generated token (e.g., randomnumbersandletters) that you need to add to the fileauth.txt file on the web page.
  2. Upload the file to your website at the specified location that the representative gives you (e.g., http://example.com/.well-known/pki-validation/fileauth.txt).
  3. Add the token to the fileauth.txt file on the web page.
  4. Ask your Authentication support representative to check the webpage you created with the supplied token they gave you.
    If everything is set up correctly, your Domain Control Validation will be completed.

Troubleshooting:

To validate your domain using the File Auth DCV method, the CA will provide you with a URL and a token value. The URL does two things:

  • It contains the FQDN (fully qualified domain name) of the domain you want us to validate.
  • It tells us where to look so that we can find the fileauth.txt you add the generated random value to.

Below are some of the more common reasons File Auth checks fail. The File Auth DCV process was designed to keep an unauthorized individual from using a domain they do control to validate and get a certificate for a domain they don’t control, such as one of yours.

Don’t Modify the URL Provided.

If you modify the URL in any way (change the FQDN, capitalize a lowercase letter, forget to add a period, etc.), we won’t find the fileauth.txt file with our generated random value in it.

For example, if we provide you with this URL: [http://yourdomain.com]/.well-known/pki-validation/fileauth.txt, don’t add www to it ([http://www.yourdomain.com]/.well-known/pki-validation/fileauth.txt) or capitalize a letter that wasn’t capitalized in the original URL ([http://yourdomain.com]/.well-known/PKI-validation/fileauth.txt).

Don’t Place It on a Different Domain or Subdomain.

To complete domain control validation for yourdomain.com, place the fileauth.txt file on the exact domain you want validated; the one we generate the URL for. We won’t look at a different domain or subdomain to find our random token. We only look at the domain you want validated (such as the domain on your certificate order).

For example, if you need yourdomain.com validated so that you can request SSL/TLS certificates for it, we generate a URL for this domain – [http://yourdomain.com]/.well-known/pki-validation/fileauth.txt. Don’t place the fileauth.txt file on sub.yourdomain.com or modify the URL and place it on yourotherdomain.com – it won’t work. We can’t find the fileauth.txt file on these domains – only on yourdomain.com.

yourdomain.com and www.yourdomain.com.

If you want us to validate www.yourdomain.com and yourdomain.com, place the fileauth.txt file on yourdomain.com. This validates both yourdomain.com and www.yourdomain.com. We won’t look at www.yourdomain.com to find the fileauth.txt file.

Free Base Domain SAN.

If you received a free base domain SAN on your SSL certificate, make sure to place the fileauth.txt file on the base domain. We need to validate the domain on the SSL certificate order.

Don’t Include Any Additional Content in the fileauth.txt File.

When you create the fileauth.txt file, copy the provided token value and paste it in the file. Don’t add the word “token” or any other text.

Because we only read the first 2kb of the fileauth.txt file, additional text blocks us from validating your control over the domain.

Don’t Place the fileauth.txt File on a Page with Multiple Redirects.

When using the File Auth method for domain validation, the fileauth.txt file may be placed on a page that contains up to one redirect. With a single redirect, we are still able to locate the fileauth.txt file and verify your control over the domain.

For example, you need a certificate for http://example.com, but the page redirects to http://www.example.com. That’s okay. You can place the fileauth.txt file on the http://example.com page. We will still be able to follow the single redirect to validate your control over http://example.com.

However, if you place the fileauth.txt file on a page with multiple redirects, we won’t be able to locate the file. Multiple redirects block us from locating the fileauth.txt file and validating your control over the domain.

For example, you need a certificate for http://multiple-redirect.com, but the page redirects to http://www.multiple-redirect.com and then redirects again to http://www.single-redirect.com. In this case, you must still place the fileauth.txt file on the http://multiple-redirect.com page. However, you will need to disable the second redirect (http://www.single-redirect.com) long enough for us to locate the fileauth.txt and validate your control over http://multiple-redirect.com.
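The troubleshooting rules above can be checked before you ask your representative to run the validation. The following self-check is an added example, not the CA's own validation code: it requests the exact URL, follows at most one redirect, reads only the first 2kb, and expects the file to hold the token and nothing else. The function names and sample responses are constructed for illustration; treating 2kb as 2048 bytes and ignoring surrounding whitespace are assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin

MAX_REDIRECTS = 1   # the page: a single redirect is still followed
READ_LIMIT = 2048   # assumption: "first 2kb" taken as 2048 bytes
PATH = "/.well-known/pki-validation/fileauth.txt"
# Constructed responses (not real hosts): URL -> (status, Location, body)
SAMPLE = {
    "http://example.com" + PATH: (301, "http://www.example.com" + PATH, b""),
    "http://www.example.com" + PATH: (200, None, b"randomnumbersandletters\n"),
}

def sample_fetch(url):
    """Offline stand-in for http_fetch; unknown URLs answer 404."""
    return SAMPLE.get(url, (404, None, b""))

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface 3xx responses instead of following them

def http_fetch(url):
    """Fetch one URL without following redirects -> (status, location, body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, None, resp.read(READ_LIMIT)
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), b""

def check_file_auth(url, token, fetch=http_fetch):
    """Return (ok, reason) for the URL and token exactly as they were provided."""
    hops = 0
    while True:
        status, location, body = fetch(url)
        if status in (301, 302, 303, 307, 308) and location:
            hops += 1
            if hops > MAX_REDIRECTS:
                return False, "more than one redirect"
            url = urljoin(url, location)
            continue
        if status != 200:
            return False, f"HTTP {status} at {url}"
        content = body[:READ_LIMIT].decode("utf-8", "replace").strip()
        if content == token:
            return True, f"token found after {hops} redirect(s)"
        if token in content:
            return False, "extra content besides the token"
        return False, "token not found in first 2kb"

print(check_file_auth("http://example.com" + PATH, "randomnumbersandletters", sample_fetch))
```

To test a live site, call check_file_auth with the URL and token you were given and leave the fetch argument at its default.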


If you’re still having problems validating your domain or need a new DCV resent, please contact Support.

For SSL Partner Center clients, please submit a support ticket by performing the following:

  1. Within your SSL Partner Center Dashboard, click Support > Submit a Ticket.
  2. On the Submit Ticket page, in the Related To drop-down, select Order Support > Authentication.
  3. Supply any helpful information related to the issue.
  4. Click Submit.

Other methods of validation:

  • Email Validation (Default DCV Method)
    By default, when you add domains to your account for pre-validation, some CAs will send two sets of DCV emails: WHOIS-based and Constructed. To demonstrate control over the domain, an email recipient follows the instructions in a confirmation email sent for the domain. The confirmation process consists of visiting the link provided in the email and following the instructions on the page.
    See Authentication/Orders Support: Domain Pre-Validation – Email Validation.
  • DNS TXT Validation:
    With this validation method, you add a CA-generated token to the domain’s DNS as a TXT record. When the CA searches for DNS TXT records associated with the domain, it can find a record whose value includes the CA verification token.
    See Authentication/Orders Support: Domain Pre-Validation – DNS TXT Validation.

 
