FAQs
Troubleshooting SSL Validation Issues: HTTP DCV Common Issues
Overview
This article helps you restore HTTP-based Domain Control Validation (DCV) when the validation file Sectigo placed on your web server cannot be retrieved. You will diagnose the most common HTTP DCV failures, apply the matching fix, and confirm Sectigo's validation servers can fetch the file. It covers the Common issues you may see, the Fixes for each, and Alternative validation methods if HTTP continues to fail.
Common issues
HTTP DCV failures usually trace back to file placement, name and content mismatch, redirects, or access restrictions. Use the table to match the symptom to its cause and fix.
|
Symptom |
Cause |
Fix |
|
Sectigo cannot find the validation file |
File is in the wrong directory or the web root is not what you assumed |
Place the file at the exact path Sectigo provided under .well-known/pki-validation; see Confirm file location |
|
File loads but validation still fails |
Filename or hash content does not match Sectigo's values |
Recreate the file with the exact name and contents; see Verify file name and hash |
|
Browser reaches the file via a redirect but Sectigo fails |
HTTP traffic to the validation path is being redirected (HTTP to HTTPS, www to non-www, or vice versa) |
Disable redirects on the validation path while DCV is in progress; see Disable redirects temporarily |
|
Sectigo's servers receive a 403 or timeout |
Firewall, WAF, or geo restriction is blocking external requests |
Allow public access to the validation path; see Firewall and security settings |
Confirm file location
Place the validation file under the .well-known/pki-validation directory of the domain being validated, and confirm the file is reachable over the public internet from a browser or curl.
Verify file name and hash
If the file is accessible, confirm the filename and the hash content inside the file match exactly the values Sectigo provided. Even a single character or trailing newline difference will fail validation.
Disable redirects temporarily
Turn off any redirects that affect the validation Uniform Resource Locator (URL). Sectigo's checker follows HTTP plainly and may not follow redirects to HTTPS or alternate hosts.
Check access in a browser
Open the validation URL in a private browser window from a network outside your corporate VPN. If you cannot view the file there, Sectigo will not be able to either.
Firewall and security settings
Confirm that firewall, WAF, or geo-IP rules permit Sectigo's validation servers to reach the validation path. Remove any block on global access to that path for the duration of the validation.
Alternative validation methods
If HTTP DCV continues to fail after the fixes above, switch the order to Email-based or CNAME-based DCV from your Sectigo order. Email DCV does not require any web server change and usually completes within minutes.
Similar questions
-
Why is Sectigo unable to validate my HTTP DCV file?
-
Where do I place the Sectigo HTTP validation file?
-
Do redirects break HTTP DCV?
-
Can I switch from HTTP to email validation mid-order?
Related articles
Need assistance?
Contact our team for help with your purchase or issuing your certificate.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
