What is Domain Control Validation (DCV) / Domain Validation (DV)? Why is it necessary?
DCV or DV is the method by which the Certifying Authority (CA) verifies that you are authorised to request a certificate for that hostname by the domain owner. The DCV/DV check is compulsorily done by the CA for every new certificate purchase/request, certificate re-issue request, or certificate renewal request.
You are asked to select the DCV option when you fill the certificate enrollment form (Step 2).
The DCV/DV validation can be done in any ONE of the following ways:
- Email with verification link to the domain owner know more about Email DCV
- Adding a custom DNS entry (CNAME or TXT based on the certificate) know more about DNS DCV
- Upload a custom file to a website folder know more about File DCV
If I place an order for a Domain Validated SSL Certificate, which document(s) do I need to provide?
You do not need to provide any documentation in order to purchase a Domain Validated (DV) certificate. All you will need to do is confirm that you own the domain you wish to cover, either through a simple email or file or DNS-based validation.
If your website uses Privacy Protection services for your domain name, we recommend you do NOT use Email-based validation as it will delay the domain validation and certificate issue process.
How long will domain validation take?
This largely depends on the type of certificate that you purchased and your response times. No matter which type of certificate that you purchase, the Certificate Authority (CA) will be contacting you directly and will only proceed with next steps upon your response. For Domain Validated (DV) certificates, these can typically be issued in a matter of minutes to one business day.
- Email-based DCV is completed as soon as you click the link and enter the verification code from the CA's email. This is the easiest method.
- DNS-based DCV is completed when the CA detects the correct DNS entry (CNAME or TXT as the case may be) after it has propagated globally and depending on the TTL value could take from 5 minutes to 4 hours in rare cases. Delays can be caused by adding record in the wrong control panel or using a high TTL value for the record.
- File-based DCV is completed when the CA detects the correct file, with correct text content, at the correct location, and could take from a few minutes upto 4 hours. Delays can be caused by website's redirection, incorrect file content/location, or File validation queue/problems at CA's issuing server.
Selected orders may be flagged for an additional Brand Validation procedure by the CA. That means that the CA's managers will review your order as it requires manual check.
Possible reasons for manual review:
- Some countries may be reviewed manually, for example: South Korea, North Korea, Sudan, Afghanistan and some others.
- Your domain name include popular Brand name, for example: facebook-app.com, sony-shop.net and others.
- Your domain name has similar brand name, for example you have domain name "sibmama.com", but validation system may flag your order as "sIBMama", so "IBM" brand was found in your name, so managers must check order manually.
- Your domain name has special words: "pay, online, secure, booking, shop, bank, transfer, money, e-payment, payment, protection and others", in that case validation also will be manual.
In most cases after the manual review the hold on order processing is removed. Manual review may take up to 24-48 business hours.
I completed the validation requirements, but never received the certificate. What should I do?
Possible issues you can check before contacting us are:
- For File-based DCV, there may be extra space(s) in the text file content, or a firewall setting may be blocking http/https requests from CA server IPs since they are located outside the country.
- For DNS-based DCV, the DNS record may not have been correctly created or may need more time to propagate globally depending on the initial TTL value. Use the lowest possible TTL value for the quickest validation.
- In the case of Multi-Domain certificates, you may need to perform DCV for more than one domain name. Check if you have completed DCV requirements for all domains.
After completing validation, the Certificate Authority (CA) will send the certificate to the email address that was used for Domain Control Validation.
If, for whatever reason, the email address does not receive the email, you can also download the files from the Order Details page on our website.
If you have difficulty locating the email with the Order Details page link after checking your Spam & Junk Mail folders, please submit a ticket so we can resolve your case.
Can I use the email address listed in the domain WHOIS info to complete Domain Control Validation (DCV)?
Yes, you can do this for all Comodo SSL Certificates listed on our website if your domain's domain registrar shares this info publicly. For RapidSSL, Thawte and GeoTrust certificates you need to use one of the 5 pre-approved email addresses. To know which email addresses are authorised to be DCV Approvers for your domain use this free DCV Email Approver Check tool.
Can I switch my method of Domain Control Validation from Email to File, or vice versa?
You can switch your method of Domain Control Validation by using the Change Domain Validation Method option on your Order Details page, or using the Security Solution Manager for Multi-Domain certificates. You can choose one of the other DCV methods for validation.