Using the Email DCV method to validate your domains but not receiving the validation email as expected
Before DigiCert can issue your SSL/TLS certificate, you must prove control over the domains on the order. With the email validation method, DigiCert sends a DCV email to specific email addresses. To demonstrate control over the domain, an email recipient follows the instructions in a confirmation email sent for the domain.
Note: The subject of this confirmation email is "Please validate ownership of your domain [your_domain]…".
Not Receiving Your Domain Validation Emails?
When you use the Email validation method to prove control over your domain but do not receive the validation emails, the following information can help you troubleshoot and remediate the problem.
The information is divided into four sections:
Are You Using a Constructed Email Address?
To use a constructed email address, you must have configured an email account/alias for one of the following addresses: admin, administrator, webmaster, hostmaster, and or postmaster @[domain_name].
Troubleshooting
Not receiving your domain validation emails at your constructed email address?
Here are few things you can check when troubleshooting the problem.
-
Ensure that your constructed email address account/alias has been properly configured. Test the constructed email address by sending an email to it from a known-working email account.
This first check seems like it shouldn't be necessary, but it's always better to be safe than sorry. You may not be getting the validation email at this address because the account has not been set up yet or has been set up improperly.
-
Check your junk mail and spam folders – email clients often mistake the domain validation email for junk mail/spam.
-
Ensure that your firewall or email security appliance did not block the email or place it in quarantine.
Do You Need To Resend Domain Validation Emails?
To resend the domain validation email, log into your DigiCert account (Retail, CertCentral, Complete Website Security, Managed PKI for SSL, etc.), select the email address you want to resend the domain validation email to, and send it.
Are You Using WHOIS-based Email Addresses?
When registering your domain, you provide identifying and contact information referred to loosely as WHOIS information (e.g., administrative and technical contacts). With WHOIS-based email validation, DigiCert locates your domain’s WHOIS record and sends an authorization email to any email addresses we find in the record (such as the administrative and technical contacts).
Troubleshooting
Not receiving your domain validation emails?
Here are somethings you can do to troubleshoot and remedy the problem.
-
Check any junk mail/spam folders.
Have validation email recipients (domain contacts) check their junk mail/spam folders – email clients often mistake the domain validation email for junk mail/spam.
-
Ensure that your firewall or email security appliance did not block the email or place it in quarantine.
-
Contact your domain registrar/register to ensure they are not masking or hiding your domain contact information.
Are you expecting to receive an email at an address published in your domain’s WHOIS record? Please verify that your registrar is not masking or hiding your domain contact information.
Is your registrar/register masking or hiding your contact information? Check to see if they provide a way (an anonymized email or a web form) for CAs to access the domain’s WHOIS data.
For the most efficient validation process, let your registrar know that you want them to either use your full published records or an anonymized email address for your domains. Using these options will ensure minimal-to-no-impact on our validation processes.
Do You Need To Resend Domain Validation Emails?
To resend the domain validation email, log into your DigiCert account (Retail, CertCentral, Complete Website Security, Managed PKI for SSL, etc.), select the email address you want to resend the domain validation email to, and send it.
Does Your Domain Registrar Hide Your Domain Contact Information?
If your registrar masks or hides your domain contact information, then you will need to use one of the other domain validation methods to prove control over your domains.
Constructed Email DCV method
To continue using the Email validation method, use one of the constructed email addresses for your domain instead. You can configure an email account or alias for any of the five constructed email addresses: admin@example.com, administrator@example.com, webmaster@example.com, hostmaster@example.com, and postmaster@example.com.
Note: Using a constructed email address allows you to create a "non-expiring" email address that you can add or remove people from when necessary.
Resend domain validation emails
Once you have successfully configured your constructed email account/alias, log into your DigiCert account (Retail, CertCentral, Complete Website Security, Managed PKI for SSL, etc.), select the constructed email address you want to resend the domain validation email to, and send it.
Use Another Supported Domain Control Validation (DCV) Method
You may find it easier to use a different domain validation method. DigiCert supports the following DNS-based and file-based DCV methods.
-
DNS TXT:
With this method, you add a DigiCert generated token to the domain’s DNS as a TXT record.
-
DNS CNAME
With this method, you add a DigiCert generated token to domain’s DNS as a CNAME record with dcv.digicert.com as the CNAME target.
-
HTTP Practical Demonstration/FileAuth
With this method, you host a file containing a DigiCert generated token at [domain]/.well-known/pki-validation/[filename].txt.
How To Use One of the Other Supported DCV Methods
CertCentral Platform
For CertCentral customers, you can log in to your account to use one of the other DCV methods (DNS TXT, DNS CNAME, and HTTP Practical Demonstration). Your account can be configured to use one of those options as the default DCV method.
For more information, see Domain Pre-Validation: Domain Control Validation (DCV) Methods or Domain Validation (Pending Order): Domain Control Validation (DCV) Methods.
eCommerce Platform
For eCommerce customers (Thawte Certificate Center, GeoTrust Security Center, and RapidSSL Security Center), you can sign in to your account to use one of the other DCV methods (DNS TXT and File Auth). You can select the DCV method you want to use during certificate enrollment, certificate renewal, or from the Order Status page.
All Other DigiCert Platforms
For all other platforms, contact our Support team for assistance to use one of the other supported DCV methods (DNS TXT, File Auth/HTTP Practical Demonstration, or DNS CNAME),
-
DigiCert – https://www.digicert.com/contact-us/