Knowledge Base

Knowledge BaseDomain Control Validation (DCV)

How to complete Domain Control Validation (DCV) for an SSL/TLS certificate

Updated on June 2, 2026

Overview

By the end of this article, you will know how to verify domain ownership using one of Sectigo's four Domain Control Validation (DCV) methods — Email, Domain Name System (DNS) CNAME, HTTP, and HTTPS. The article first clarifies how DCV differs from a Domain Validation (DV) certificate, lists the Prerequisites, and summarizes the Four DCV methods. It then walks through the numbered Steps to complete DCV, shows How to verify success, and closes with a Troubleshooting table and Tips for choosing the right method.

Domain Validation versus Domain Control Validation

These related terms are not interchangeable:

Domain Validation (DV) is a type of SSL/TLS certificate — the most basic validation level, where only domain ownership is verified.

Domain Control Validation (DCV) is the process of proving domain ownership. DCV is performed for every certificate type, including DV, Organization Validation (OV), and Extended Validation (EV).

This article describes the DCV process. You will complete DCV regardless of which certificate type you ordered.

Prerequisites

Before you start, make sure you have:

A Certificate Signing Request (CSR) generated on your server.

Access to one of the following for the domain you are validating: an email account at the domain (for Email DCV), Domain Name System (DNS) record management (for DNS CNAME DCV and DNS TXT DCV), or the ability to upload a file to the web server hosting the domain (for HTTP or HTTPS DCV).

Four DCV methods

Sectigo supports four DCV methods. Choose the one that matches your access level — you only need to complete one.

1. Email Based — Sectigo sends a validation email to an approved address at your domain (for example, [email protected]). Click the link in the email to confirm ownership.

2. DNS CNAME based — Add a Canonical Name (CNAME) record to your domain's DNS zone using the values Sectigo provides. Sectigo's system queries DNS and validates ownership automatically.

3. HTTP/HTTPS hashing methods

HTTP DCV — Upload a small text file Sectigo provides to a specific path on your web server (over port 80). Sectigo retrieves the file to confirm ownership.

HTTPS DCV — Same as HTTP DCV, but the file is served over port 443. Use this if your server redirects all traffic to HTTPS.

4. DNS TXT— Add a DNS TXT record with a Sectigo‑provided random value to prove domain ownership and complete DCV

Steps to complete DCV

The following steps walk through starting validation and selecting a DCV method

Step 1 — Open the certificate request

If you are an enterprise customer, sign in to SCM and Navigate to domains and add your domains. Select domain you want to validate and Click Validate.

Note: For further steps to validate your domains in SCM go to: Validating domains :: Sectigo Certificate Manager Documentation

If you are an e-commerce customer, after the Order is placed, click on “Setup” button to Submit “Certificate Signing Request” (CSR).

Figure 1: e-Commerce customer should click on set-up to submit CSR

Figure 1: e-Commerce customer should click on set-up to submit CSR

Step 2 — Submit your CSR

Paste your CSR into the CSR field. The portal parses the CSR and displays the domain name, key size, and signature algorithm so you can confirm the details before continuing.

Figure 2: e-Commerce customer should click on continue to domain validation after pasting CSR

Figure 2: e-Commerce customer should click on continue to domain validation after pasting CSR

Step 3 — Select your DCV method

Choose one of the four DCV methods — Email, DNS CNAME, HTTP, or HTTPS — and click Next to continue. The Sectigo Portal then displays the specific values you need (an approved email address, a CNAME record, or a file to upload).

Figure 3: e-Commerce customer should choose their preferred DCV method out of the 4 options

Figure 3: e-Commerce customer should choose their preferred DCV method out of the 4 options

Step 4 — Complete the validation action

Complete the action that matches your chosen method:

Email DCV — open the validation email and click the approval link.

DNS CNAME DCV — add the CNAME record exactly as displayed to your DNS provider.
DNS TXT DCV add the DNS TXT record exactly as displayed to your DNS provider.

HTTP or HTTPS DCV — place the provided file at the exact path shown on your web server.

How to verify success

After you complete the validation action, the order status updates from Pending Validation to Issued once Sectigo confirms control. For DNS and HTTP or HTTPS methods, this is usually within a few minutes. For Email DCV, it is immediate after you click the approval link. If the status does not update within an hour, see the Troubleshooting section.

Troubleshooting

Symptom	Likely cause	Fix
Email DCV link does not arrive	Email blocked or sent to a non-approved address	Confirm the recipient address is on Sectigo's approved list (admin@, administrator@, hostmaster@, postmaster@, webmaster@). Check spam folders.
DNS DCV stays pending	DNS propagation delay or incorrect record	Use a DNS lookup tool to confirm the CNAME is live and matches the value Sectigo provided exactly.
HTTP or HTTPS DCV fails	File at the wrong path, wrong content, or behind a redirect	Open the file URL directly in a browser. The response must be plain text and exactly match Sectigo's value. Disable redirects on that path.