How to validate a domain

Why validate a domain?

Domain validation (Domain Control Validation or DCV) serves to show the Certification Authority (CA) that you control all the domains (FQDN) that will be covered by the Certificate.

The accepted methods for validating domains can change over time, for example when regulations change, when the CA/Browser Forum (CAB Forum) Baseline Requirements are updated, or when a method is proven to be vulnerable to attack.

When to validate a domain

Complete domain validation within 30 days: after this time, validation will no longer be possible.


The validation of a domain is valid for 12 months: during this time, you can request one or more Certificates for the domain without requiring additional validation.

After 12 months from validation, additional Certificate requests will require new validation.

How to validate a domain

If you have a SAN certificate, you can choose whether or not to use the same validation method for all your domains: select Single method if you want to use the same validation method for all domains, or Different method to choose different validation methods for each domain. Press Confirm and then follow the steps below.

  1. Choose a validation method from: 
    • email to domain administrator
    • publish a file on an HTTP server – not available for WildCard type certificates
    • create a TXT record on the domain
    • check the Aruba domain database – ONLY for OV and EV
  2. press Confirm.

Details of the validation methods offered are provided below.

Actions required by the validation method chosen must be performed for the domain domainname.tld (without www).

Validate domain by sending an email to the administrator

If you choose this method, the CA will send an email to the administrator of the domain being validated, or of a higher-level domain, at one of the standard restricted mailboxes, such as: postmaster@domainname.tld, webmaster@domainname.tld, hostmaster@domainname.tld, administrator@domainname.tld, admin@domainname.tld.

Make sure the domain administrator has access to that mailbox. 

When you have received the email: 

  1. click on the link in the email. The link will be valid for 30 days; 
  2. follow the instructions provided by the browser. 

The CA will wait until the domain administrator has followed the instructions provided in the link and only then will confirm control of the domain.

For Single Domain Certificates: the Certificate covers both the domain with www and without www, regardless of how you have entered it.

Validate domains by publishing a file on the HTTP server

If you choose this method, the CA will send an email to the administrator of the domain being validated.  Make sure you can access the mailbox.

Once you have received the email: 

  1. create a .txt text file and call it actalis.txt. You can use a simple text editor, such as Notepad or similar, to create the file;
  2. enter only the string of text from the email in the text file: do not add anything else, not even spaces or line breaks;
  3. publish the file on the HTTP server of the domain being validated at the path: http(s)://domainname/.well-known/pki-validation/actalis.txt

The dot "." before "well" is not an error: it is required. 

The CA will verify that the actalis.txt file is present on the server at the path provided and will check its content. No HTTP redirects will be followed.
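A pre-flight check for the file method, added here as an example (it is not Actalis tooling): it writes actalis.txt without a trailing newline, names the usual cause when the content does not match, and fetches the URL without following redirects. The function names are hypothetical, and TOKEN stands for the string received in the CA's email.

```bash
#!/usr/bin/env bash
# Added example, not Actalis tooling. TOKEN is the string from the CA's email.

# Write actalis.txt under DOCROOT with exactly the token bytes.
# printf '%s' adds no trailing newline (echo would add one).
write_dcv_file() {  # usage: write_dcv_file TOKEN DOCROOT
    mkdir -p "$2/.well-known/pki-validation" &&
    printf '%s' "$1" > "$2/.well-known/pki-validation/actalis.txt"
}

# Compare FILE byte-for-byte with TOKEN; print a verdict, return 0 only on "ok".
check_dcv_body() {  # usage: check_dcv_body TOKEN FILE
    local first3 last1
    if printf '%s' "$1" | cmp -s - "$2"; then echo ok; return 0; fi
    first3=$(head -c 3 "$2" | od -An -tx1 | tr -d ' \n')
    last1=$(tail -c 1 "$2" | od -An -tx1 | tr -d ' \n')
    if   [ "$first3" = efbbbf ]; then echo utf8-bom          # editor added a BOM
    elif LC_ALL=C grep -q "$(printf '\r')" "$2"; then echo carriage-return
    elif [ "$last1" = 0a ]; then echo trailing-newline
    else echo content-mismatch
    fi
    return 1
}

# Fetch the published file without following redirects, then check the body.
check_dcv_url() {  # usage: check_dcv_url TOKEN https://domainname.tld
    local tmp code rc=0
    tmp=$(mktemp) || return 2
    # curl follows redirects only with -L, so a 301/302 is reported as-is.
    code=$(curl -sS --max-time 10 -o "$tmp" -w '%{http_code}' \
           "$2/.well-known/pki-validation/actalis.txt") || code=000
    if [ "$code" = 200 ]; then
        check_dcv_body "$1" "$tmp" || rc=1
    else
        echo "http-$code"; rc=1
    fi
    rm -f "$tmp"
    return $rc
}
```

Run check_dcv_url against both the http:// and https:// forms of the domain if the server answers on both.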

Validate the domain by setting up a TXT record

If you choose this method, you must have access to the DNS control panel for the domain being validated or for a higher-level domain.

  1. Retrieve the TXT record value: this value is valid for 30 days and can be: 
    • emailed to the technical contact in charge of the Actalis customer support team; 
    • displayed during the validation process; 
  2. go to your domain DNS management panel; 
  3. enter a TXT record, with the value "actalis-dcv=confirmationValue" where confirmationValue is the TXT record value retrieved in point 1.  

Once you have edited the TXT record, check that it has updated correctly: use the "nslookup" command (in Windows) or "dig" (in Linux). 

The CA will automatically verify that the TXT record for the domain has been found. 
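A way to script the "dig" check above, added here as an example (it is not Actalis tooling): it matches the record exactly as "actalis-dcv=confirmationValue", joins values that dig prints as several quoted chunks, and queries each authoritative name server as well as the default resolver. The function names are hypothetical, and the lookup at domainname.tld itself follows the page's instruction to use the domain without www.

```bash
#!/usr/bin/env bash
# Added example, not Actalis tooling: look for the "actalis-dcv=" TXT record.

# Strip a leading "www." so the lookup targets domainname.tld.
dcv_lookup_name() {  # usage: dcv_lookup_name NAME
    printf '%s\n' "${1#www.}"
}

# Read `dig +short TXT` output on stdin; return 0 only if one record is
# exactly actalis-dcv=CONFIRMATION_VALUE.
has_dcv_txt() {  # usage: dig +short TXT NAME | has_dcv_txt CONFIRMATION_VALUE
    local want="actalis-dcv=$1" line joined
    while IFS= read -r line || [ -n "$line" ]; do
        # dig prints one record per line as quoted chunks; a long value is
        # split ("part1" "part2") and must be joined before comparing.
        joined=$(printf '%s' "$line" | sed -e 's/" "//g' -e 's/^"//' -e 's/"$//')
        if [ "$joined" = "$want" ]; then return 0; fi
    done
    return 1
}

# Query every authoritative name server directly (no resolver cache in the
# way), then the default resolver. Returns 0 only if all of them agree.
check_dcv_dns() {  # usage: check_dcv_dns CONFIRMATION_VALUE NAME
    local name ns at rc=0
    name=$(dcv_lookup_name "$2")
    for ns in $(dig +short NS "$name") default-resolver; do
        if [ "$ns" = default-resolver ]; then at=; else at="@$ns"; fi
        if dig +short TXT "$name" $at | has_dcv_txt "$1"; then
            echo "$ns: found"
        else
            echo "$ns: NOT found"; rc=1
        fi
    done
    return $rc
}
```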

For Single Domain Certificates: the Certificate covers both the domain with www and without www, regardless of how you have entered it.

Validate domains by checking the Aruba database – for OV and EV certificates only

This method can only be used for domains registered and managed by Aruba.

In this case, you do not have to do anything to prove that you control the domain: the CA will check the database of Aruba hosted domains.


The validation process in this case may take several hours.

For Single Domain Certificates: the Certificate covers both the domain with www and without www, regardless of how you have entered it.

How to change the choice of validation method

If you have chosen a validation method for the domain, but want to change it: 

  1. sign in to the Customer area using your account username and password. If you can’t remember how to do this, see the guide to signing in to the Customer area;
  2. look for the Certificate for which you want to change the validation method; 
  3. select Certificate status;
  4. select Edit next to the current validation method selected; 
  5. choose the method you want to use. Read the guide for more details on validation methods;
  6. follow the wizard and finish editing. 
