Instructions for authorizing a domain using DNS TXT as the DCV method

This validation method requires you to create a unique DNS TXT record on your domain's public DNS and add the random value verification token—provided by your Support representative—to the TXT record. When the Support representative does a search for TXT records associated with the domain, we can verify the record's value includes the verification token (random value).

  • eCommerce Note:
    For eCommerce customers (Symantec Trust Center, Thawte Certificate Center, GeoTrust Security Center, and RapidSSL Security Center), you can sign in to your account to use the DNS TXT DCV method. You can opt to use the DNS TXT DCV method during certificate enrollment, certificate renewal, or from the Order Status page.

  • CertCentral Note:
    For customers using our CertCentral platform, see our Domain Pre-Validation: Use DNS TXT as the DCV Method instructions.

  • Management Console Note:
    For customers using the DigiCert Management Console, you can use the DNS TXT DCV method to validate your domains. However, in steps 3 and 4, "_dnsauth.[domain]" is not an option.

How to Use DNS TXT as the DCV Method for a Domain

Use these instructions if you need us to validate a domain using the DNS TXT DCV method.

  1. Contact Support.

  2. Provide the Support representative with this information:

    1. Domain Name

    2. Company Name

    3. Order Number or Support ID number

  3. Your Support representative will provide you with these items:

    1. A DNS TXT Entry (base domain or _dnsauth):

      • [domain name] (e.g., example.com)

      • _dnsauth.[domain name] (e.g., _dnsauth.example.com)

        Important: The _dnsauth.[domain name] option is not supported in the DigiCert Management console.

    2. A generated token (e.g., randomnumbersandletters) that you need to add to your TXT record

  4. Add token to DNS TXT record.

    1. Log in to your DNS provider's site and create a new TXT record.

    2. Paste your verification code into a new TXT record in the TXT Value field.

    3. Host field:

      1. Base Domain (e.g., example.com)

        Leave the Host field blank, or use the @ symbol (depending on your DNS provider requirements).

      2. _dnsauth.[domain name]

        In the Host field, enter _dnsauth.

        Important: The _dnsauth.[domain name] option is not supported in the DigiCert Management console.

    4. Make sure the TLL is set to default or 3600.

    5. Save the record.

  5. Contact Support.

  6. Provide the Support representative with this information:

    1. Domain Name

    2. Company Name

    3. Order Number or Support ID number

  7. Ask them to check your DNS TXT Record.

    If everything is set up correctly, your DCV will be completed.

  8. Congratulations!