Demonstrate control over your domain with a DNS TXT Record

Follow these instructions to add and authorize a domain for SSL/TLS certificates. Then, use the DNS TXT Record DCV method to demonstrate control over the domain in your CertCentral account.

Note: When domain validation can't be done ahead of time, see Domain Validation (Pending Order): Use the DNS TXT Record DCV Method.

This validation method allows you to demonstrate control over your domain by creating a DNS TXT record containing a randomly generated token as the value. Once the DNS TXT record is created, DigiCert searches the domain's DNS records to confirm the presence of your verification token.

For information about other supported DCV methods in CertCentral, see Domain Pre-Validation: Domain Control Validation (DCV) Methods.

Step I: Add and Authorize a Domain for SSL/TLS Certificates

  1. In your CertCentral account, in the sidebar menu, click Certificates > Domains.

  2. On the Domains page, click New Domain.

  3. On the New Domain page, under Domain Details, enter the following domain information:

    1. *Domain Name

      In the box, enter the domain name for which the certificates will be requested (e.g., example.com).

    2. *Organization

      In the drop-down list, select the organization to which the domain is assigned.

  4. Under Validate This Domain For, check the validation types for which you want the domain validated:

    • OV – Normal Organization Validation

    • EV – Extended Organization Validation (EV)*

    Validation Note: Before you can submit a domain for OV and/or EV validation, you must first submit its organization for OV and/or EV validation.

    *In the EV Verified User drop-down list, select an account user that you want to designate as an EV Certificate requests approver.

    Only an EV Verified User can approve Extended Validation (EV) Certificate requests. Note that only users with a job title and valid telephone number appear in the drop-down list.

    Note: The EV Verified User drop-down list box only appears if you checked EV - Extended Organization Validation (EV), and the organization that you selected earlier (step 3) has not been pre-authorized for EV-Extended Organization Validation (EV).

  5. Under *Domain Control Validation (DCV) Method, select DNS TXT Record.

    Note: The default DCV method is Verification Email.

  6. Click Submit for Validation.

Step II: Use DNS TXT Record to Demonstrate Control Over the Domain

  1. Create Your DNS TXT Record:

    1. Under User Actions, in the Your unique verification token box, copy your verification token.

      To copy the value to your clipboard, single-click in the text field.

      Note: The unique verification token expires after thirty days. To generate a new token, click the Generate New Token link.

    2. Go to your DNS provider's site and create a new TXT record.

    3. In the TXT Value field, paste the verification token that you copied from your DigiCert account.

    4. Complete the Host field:

      • Base Domain

        If you are validating the base domain, leave the Host field blank, or use the @ symbol (depending on your DNS provider requirements).

      • Subdomain

        In the Host field, enter the subdomain that you are validating.

    5. In the record type field (or equivalent), select TXT.

    6. Select a Time-to-Live (TTL) value or use your DNS provider's default value.

    7. Save the record.

  2. Verify the DNS TXT Record:

    1. In your CertCentral account, in the sidebar menu, click Certificates > Domains.

    2. On the Domains page, click the "Domain Name" link (e.g., example.com).

    3. On the "Domain Name" page (e.g., example.com), at the bottom of the page, click Check TXT.

      You have successfully verified the TXT.
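
Before clicking Check TXT, you can confirm that the record from Step II is visible in DNS. The Python sketch below is an added example, not DigiCert code: it parses the output of `dig +short TXT <name>` and reports whether the verification token is published at the name implied by the Host field. The token and sample output are constructed placeholders, the function names are hypothetical, and treating only an exact value match as success is an assumption of this example.

```python
import re

# Constructed sample of `dig +short TXT example.com` output after Step II.
# TOKEN is a made-up placeholder, not a real DigiCert token.
TOKEN = "placeholder-token-0123456789abcdef"
SAMPLE_DIG_OUTPUT = '''"v=spf1 include:_spf.example.net ~all"
"placeholder-token-0123456789abcdef"
'''

# One double-quoted string as dig prints it, allowing backslash escapes.
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

def query_name(host_field, base_domain):
    """Name to look up for a Host field value; blank or @ means the base domain."""
    host = host_field.strip()
    return base_domain if host in ("", "@") else f"{host}.{base_domain}"

def txt_values(dig_short_output):
    """Return one string per TXT record found in `dig +short TXT` output."""
    values = []
    for line in dig_short_output.splitlines():
        chunks = _QUOTED.findall(line)
        if chunks:
            # dig prints a record stored as several strings as several quoted
            # chunks on one line; join them. Backslash escapes are reduced to
            # the escaped character; \DDD decimal escapes are not decoded.
            values.append("".join(re.sub(r"\\(.)", r"\1", c) for c in chunks))
    return values

def check_token(dig_short_output, token):
    """'match' = a record equals the token; 'near-miss' = token is there but
    wrapped in extra characters (stray quotes, spaces); else 'missing'."""
    values = txt_values(dig_short_output)
    if token in values:
        return "match"
    if any(token in value for value in values):
        return "near-miss"
    return "missing"

if __name__ == "__main__":
    name = query_name("@", "example.com")
    print(f"{name}: {check_token(SAMPLE_DIG_OUTPUT, TOKEN)}")
```

To check a live record, run `dig +short TXT` against the name returned by `query_name` and pass its output to `check_token`.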