How Can I Complete the Domain Control Validation (DCV) for My SSL Certificate?

How can I Complete the Domain Control Validation (DCV) for My SSL Certificate?

How can I finalize the domain control validation (DCV) for my SSL certificate with 1Byte?

Before an SSL certificate can be issued by 1Byte, the applicant must verify their domain ownership rights. This process is known as domain control validation (DCV). During your certificate activation, you will be offered three DCV methods to choose from:

  • Create a CNAME record
  • Upload a specific validation file
  • Receive a confirmation email

If you need to alter your selected DCV method, refer to the following guide: Modifying DCV methods

Add CNAME record

This validation method involves adding a CNAME record to the DNS settings of your ឈ្មោះដែន.

After you complete SSL activation with 1Byte, you’ll find instructions on completing this DCV method as well as the values you will need for the CNAME record in the SSL Details page of your account:

Click on Get Record to see the CNAME record values.

ចំណាំ: Some DNS systems (including the 1Byte system) have the tendency to automatically add the domain name to the values submitted during record creation. Please make sure that your domain name is not duplicated in the values. If your domain is using 1Byte Basic nameservers or PremiumDNS, remove the “example.com” part of the provided Host value before adding it to the validation record for the domain. Copy the Host and Target values and paste them into the corresponding fields in your DNS provider account. Set the minimum possible TTL value.

ចំណាំ: Please keep in mind that if you are activating a Multi-domain certificate, the DNS record created for the bare domain (without www.) will verify this domain and its subdomain(s) included in the certificate. Nevertheless, to get the certificate issued, all domains/subdomains included in the certificate should be verified.

Once the correct values are set up, head to the SSL details page again, click the link beside “Get a CNAME record”.

On the new page, click the ‘EDIT METHODS’ button.
In the pop-up window, please click Save Changes/Retry Alt DCV to speed up the process of domain control validation.

However, if you are activating a single-domain certificate for a subdomain, you’ll need to set the DNS record for the bare domain directly.

Upload a verification file

This DCV method involves uploading a specific activation file to your website hosting server.

Note: The file uploading method is not applicable for Wildcard SSLs.

The verification file is a TXT file with a unique name consisting of a combination of numbers and letters, e.g., AN2D4C5H7F01823KRIDHJ.txt.

ចំណាំសំខាន់: When uploading the file, please ensure that the file name or its content remains unchanged.

Upon completing the activation process, you’ll be directed to the SSL Details page in your 1Byte account, where you’ll find instructions and a link to the Edit methods page where you can download the validation file.

You’ll need to place the file in the root directory of your domain name in the subfolder of the ‘.well-known’ folder called ‘pki-validation’.

Once you place it here, the validation file should be accessible via the following link: http://yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt, where ‘yourdomainname.com’ is the domain name in the certificate, and ‘AN2D4C5H7F01823KRIDHJ.txt’ should be the exact name of the validation file you downloaded from your 1Byte account without any changes.

  • Single-domain SSLs:

If you have a Single-domain SSL, the file should be accessible both via http://yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt and http://www.yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt.

These requirements also apply to SSLs activated for subdomains. You should make the file accessible both via http://sub.yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt and http://www.sub.yourdomainname.com/.well-known/pki-validation/AN2D4C5H7F01823KRIDHJ.txt

If you activate your SSL for yourdomainname.com and the file is accessible via yourdomainname.com but not accessible via www.yourdomainname.com, then the SSL will secure only yourdomainname.com. At the same time, if your SSL has been activated for www.yourdomainname.com and the file can be accessed via the www subdomain but cannot be accessed via the bare domain (yourdomainname.com), then the SSL will only be issued for www.yourdomainname.com.

  • Multi-domain SSLs:

For Multi-domain SSLs, the validation file should be accessible for each hostname you specified during the SSL activation process.

For example, if you activated your Multi-domain SSL for yourdomain.com, www.yourdomain.com and domain_2.net, the validation file should be accessible for all of these hostnames.

Once your file is uploaded, you can verify it by clicking on the links in the yellow panel with DCV instructions at the top of the SSL details page:

Note: If you have a Multi-Domain SSL and select this DCV method for multiple domains, no link will be displayed in the yellow panel as each domain will have a unique link. To validate each of the domains, you will need to generate the corresponding links by following the instructions in the yellow box and checking each URL in your browser. In most cases, if a simple text line like the one below is displayed on the screen, the validation file is accessible.

Once the file is uploaded and externally accessible via the following URL http://your_domain_name.com/.well-known/pki-validation/filename.txt, please click Save Changes/Retry Alt DCV. This will prompt the Certificate Authority to perform the DCV check.

ចំណាំ: If you are activating your certificate for a subdomain, you can either upload the text to the main domain directory or the subdomain directory. So the file should be accessible either via http(s)://example.com/.well-known/pki-validation/ or via http(s)://sub.example.com/.well-known/pki-validation/ If you are activating a Multi-domain certificate for subdomains, the validation file should be placed into the Document root directory of each corresponding domain. We recommend that you upload it for each subdomain as well.

ចំណាំ: If you have activated the certificate with domain.com indicated as the FQDN (Fully Qualified Domain Name) in your CSR code, please ensure that the file is available via http://domain.com/.well-known/pki-validation/file.txt . In this case, www.domain.com is considered to be under your control as well.

If your CSR code contains www.domain.com as the FQDN, please ensure that the file is available via the link http://domain.com/.well-known/pki-validation/file.txt . The file content shouldn’t be altered in any way as the Comodo (now Sectigo) validation system is case sensitive.

Receive an email

This option necessitates the use of a domain-related email address from the provided list. The exact email address to be used for DCV purposes is chosen during the SSL activation process with 1Byte.

ដោយ​សារ​តែ​ការ CA/B forum regulations, you can only use a domain Whois record contact email or one of the following domain-associated generic emails to receive the approval email:

  • admin@example.com
  • administrator@example.com
  • postmaster@example.com
  • webmaster@example.com
  • hostmaster@example.com

Note: The Whois email address typically resembles 00222eeef898g6245jbkhdshml42@your_whois_privacy.service if the Whois privacy protection service is enabled. For domains registered with 1Byte, you will see something like: 00222eeef898g6245jbkhdshml42.protect@withheldforprivacy.com.

ចំណាំ: If the Whois record email is absent from the list of potential emails, it means the Certificate Authority was unable to retrieve the Whois record for your domain from the CSR code. This is common for domains with TLDs like .ca, .br, .uk, .au, etc. If this occurs, you can select one of the generic emails from the list or use an alternative validation method.

Upon successful activation, an email will be dispatched to you. This email is crucial for confirming your domain ownership rights for your certificate. It contains a validation code that you need to copy. Follow the link provided in the email, paste the validation code into the designated field on the new page, and click Next.

Enter the code from the email and press Next.

That’s all there is to it! If the approval email doesn’t arrive, don’t worry. You can retry by clicking the Resend email option on the Edit methods page. You can find the link to this page in the validation instructions panel on the SSL Details page.

Modifying DCV Methods

If you initially selected a specific DCV method during activation but later decide to switch to another, you can make this change on your account page. Go to your 1Byte account Dashboard, open the SSL Certificates page, find the SSL certificate you’re interested in, and click Details next to it.

On the subsequent page, click the link in the yellow table with DCV instructions to navigate to the Edit methods page.

On the Edit methods page, you’ll notice a button:

Clicking this button will present you with a drop-down menu featuring three possible DCV options.

Select the method you prefer and click Save Changes / Retry Alt DCV.

Next, carry out the necessary steps to finalize the DCV.

ចំណាំ: You can utilize the SSL Validation Tool to verify your SSL status, change the validation method, and expedite the issuance of the SSL certificate.

ចំណាំ: If you possess a Domain Validation certificate, it will be emailed to you shortly after the completion of DCV. If you have an OVEV certificate, your order will need to undergo business validation. Upon completion of DCV, you will receive an email from Comodo (now Sectigo) containing further instructions.