FAQs


How does the email challenge-response method work for Domain Control Validation (DCV)?
Similar Questions:
What is the process of Email Challenge-Response for Domain Control Validation (DCV)?
How is domain ownership verified using the Email Challenge-Response method?
Can you explain how Email-based DCV works?
What steps are involved in validating a domain via Email Challenge-Response?
How does the certificate authority use email to confirm domain control?
Overview
When ordering an SSL/TLS certificate, one of the methods to prove domain ownership is Email Challenge-Response. This method involves sending a unique validation code to a constructed email address associated with the domain. The recipient must follow a link and enter the code from the email to complete the domain validation.
How It Works
1. Order Placement:
During the certificate request, the system selects a list of acceptable email addresses associated with the domain in the Certificate Signing Request (CSR).
2. Email Sent:
A validation email containing a unique code and a verification link is sent to the selected address.
3. Validation:
The recipient must click the link and enter the code from the email to confirm control over the domain.
Acceptable Email Addresses
The following email addresses are considered valid for DCV:
- [email protected]
- [email protected]
- [email protected]
- [email protected]
- [email protected]
A contact email address specified in the domain’s DNS TXT record is also acceptable.
Using DNS TXT Record for Email DCV
If you use a DNS-based contact email, the TXT record must meet the following criteria:
Step 1:
In the DNS, click ‘ADD NEW RECORD’.
Step 2:
Select record type as ‘TXT Record’
Step 3:
- The DNS TXT record must be placed for the domain as: _validation-contactemail.yourdomain.com
- The entire value of the TXT record must be a valid single email address.
- No additional text, formatting, or structure is allowed.
Step 4:
Set the TTL (Time-To-Live) value to the minimum allowable duration to facilitate the fastest possible propagation of the DNS record across the network.
Example DNS TXT Record:
If your DNS server automatically appends the domain name to the end of DNS records, you may omit the domain name from the hostname when creating the DNS TXT record. This helps avoid duplication and ensures proper record formatting.
_validation-contactemail IN TXT "[email protected]"
Or
_validation-contactemail.yourdomain.com IN TXT "[email protected]"
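The criteria above can be checked before requesting validation. The following Python is an added example, not Sectigo's code: it checks the owner name (including the doubled-suffix case that occurs when the DNS server appends the zone name automatically) and that the value is exactly one bare email address. The domain example.com, the address pki-team@example.com, the function names and the sample records are all constructed assumptions.

```python
import re

PREFIX = "_validation-contactemail"  # record label given in the article
# Strict on purpose: one local part, "@", one dotted hostname, nothing else.
EMAIL_RE = re.compile(
    r"[A-Za-z0-9.!#$%&'*+/=?^_`{|}~-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

def expected_owner(domain):
    """Fully qualified owner name the TXT record must be published at."""
    return f"{PREFIX}.{domain.rstrip('.').lower()}."

def check_owner(owner, domain):
    """Return a problem description, or None when the owner name is right."""
    base = domain.rstrip(".").lower()
    owner = owner.rstrip(".").lower() + "."
    if owner == expected_owner(domain):
        return None
    if owner == f"{PREFIX}.{base}.{base}.":
        return "zone name appended twice; enter only the prefix label"
    return f"wrong owner name, expected {expected_owner(domain)}"

def check_value(txt):
    """Return a problem description, or None for exactly one bare address."""
    if txt != txt.strip():
        return "leading or trailing whitespace in value"
    if not EMAIL_RE.fullmatch(txt):
        return "value is not a single bare email address"
    return None

def audit(domain, records):
    """records: (owner, unquoted TXT value) pairs from a TXT lookup."""
    return [(o, v, check_owner(o, domain) or check_value(v))
            for o, v in records]

# Constructed sample lookup results for the assumed domain example.com.
GOOD = "_validation-contactemail.example.com."
SAMPLE = [
    (GOOD, "pki-team@example.com"),
    (GOOD + "example.com.", "pki-team@example.com"),
    (GOOD, "mailto:pki-team@example.com"),
    (GOOD, "pki-team@example.com, ops@example.com"),
    (GOOD, " pki-team@example.com"),
]

if __name__ == "__main__":
    for owner, value, problem in audit("example.com", SAMPLE):
        print(f"{owner} {value!r}: {problem or 'OK'}")
```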
Ordering Through Sectigo Web Interface
When requesting a certificate via Sectigo’s web interface:
- The system defaults to Email Challenge-Response for DCV.
- A list of acceptable email addresses is automatically generated based on the Common Name (CN) in the CSR.
- You can select the preferred email address from the list to receive the validation email.
Troubleshooting Tips
- Ensure the selected email address is active and monitored.
- Check spam/junk folders for the validation email.
- If using DNS TXT, confirm the record is correctly published and propagated.
- If you don’t have access to any of the constructed email addresses specified, choose an alternative DCV method.