Contact us at |

Domain Validation

The Domain Validation (DV) SSL certificate is the most affordable choice for increasing the security of your blog, personal or small business website. Since there is no required paperwork, the process of acquiring the Domain Validation certificate is very quick and easy: you will have to prove that you are the domain owner just by responding to an automatic e-mail message. After a couple of minutes, you will receive the issued SSL certificate which can be installed immediately. Sites with Domain Validation certification can be identified by the green padlock that is displayed by most web browsers.

This type of SSL certificates is recommended to be used if you need to prove that your site is secured, by having a secured connection. The Domain Validation certificates don’t display the legal entity, as the identity of the website owner is not checked while issuing them. So, if you have an e-commerce website or a site that collects users’ personal data, you should consider buying our Business Validation (BV) or Extended Validation (EV) certificates, which will make your site more trustworthy.

In order to buy a Domain Validated certificate, you do not need to provide any documentation. You will have to confirm the domain ownership through a simple email or file-based authentication. Following completion of one of these elements, the DV certificate will be signed and released to you.

The validation time of an SSL depends on the type of certificate you chose to buy.

Domain Validated certificates are issued within 3-5 minutes in 99% of the cases. Only when an SSL Certificate is requested for a domain name that contains a trademark or a brand name, then those SSL Certificates may pass brand validation, and can take up to a business day to be issued.

Business Validated certificates are usually issued within 1-3 business days.

Extended Validated certificates can take between 1-7 business days to be issued. The Certificate Authority does its part of the work very quickly. If all the information is provided to the Certificate Authority quickly and correctly, then the Certificate Authority can issue the EV certificate within 1 business day. We’ve seen situations when the EV Certificate was issued within a few hours. The 1-7 days period depends on how quickly the customer provides the required information to the Certificate Authority, and how quickly the customer responds to the Certificate Authority’s potential requests for additional information.

By doing the Validation process, the Certificate Authority’s is trying to confirm that you are the owner of the domain, and that the company that you are requesting a Business Validation or Extended Validation certificate for is active. That is why it is important that you keep your company’s records (address and phone number) up to date and you promptly respond to the Certificate Authority’s requests.

bv2bv1You can check whether your SSL Certificate requires Domain Validation, Business Validation or Extended Validation by looking at the attributes of your SSL Certificate. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.


Yes, you can secure an IP address with an SSL Certificate. However, only some specific SSL Certificates will allow you to do that. Here are those SSL Certificates:
– Comodo/Sectigo InstantSSL Premium

Please note that this certificate is a Business Validation SSL Certificate, which means that you need to have a registered company in order to be issued this SSL certificate.

Note: The following certificates used to secure IP addresses in the past, but they no longer do so:
– GeoTrust TrueBusinessID
– Thawte Web Server SSL
– Symantec Secure Site
– Symantec Secure Site PRO

Unfortunately, domain names that end with .local are not supported from November 1st, 2015. If you request an SSL Certificate for a domain or sub-domain that has .local as an extension, your SSL Certificate will be rejected by the Certificate Authority.

If you want to secure a domain or sub-domain on your localhost, you can create a self-signed SSL Certificate. There is plenty of documentation online on how to do that.

Please go through the next steps in order to change the domain validation type for your SSL Certificate:
1) Log into your SSL Dragon account;
2) Go to “Services” -> “My Services”;
4) You will see the list of products which you bought from SSL Dragon. Click on the SSL Certificate which you would like to change the domain validation type for;
5) Click on the green colored “Revalidate” button which you can find towards the bottom on the page;
6) Choose the new domain validation method for your domain(s); You can read more about what each validation type means at this link;
7) Click “Submit” to make the new validation method go into effect.

When requesting an SSL Certificate you have to prove that you own or you have management rights over the domain or sub-domain that you are requesting an SSL Certificate for.

Domain validation by email

If you have an SSL Certificate issued by Comodo/Sectigo, GeoTrust, Thawte, Symantec and RapidSSL, then you can complete the domain validation is by responding to an automated domain validation message sent to your email address. You will be given a list of emails to choose from, and the automated domain validation message will be sent to the email address that you choose.

Always check your email address (including your Spam folder) so as you should receive an email message from the Certificate Authority with instructions on how to validate (prove the ownership of) your domain name. The email message will ask you to copy a unique code and paste it on a specific link provided in the same email message.

If your SSL Certificate is issued by Comodo/Sectigo, there are 2 more ways how you can complete the domain validation:

Domain validation via the HTTP / HTTPS method

The HTTP validation consists of uploading a TXT validation file to a pre-defined location on your website. You have to make sure that you can access this file and link from any web browser. Once you proceed with this domain validation method, Comodo/Sectigo will run a scan of your website and will look particularly for this file at the given link. Your SSL Certificate will pass the domain validation within a few minutes after Comodo/Sectigo’s system finds the TXT file on your website.

The HTTPS validation method is the same validation method as described above. You should choose the HTTPS option if you already have an SSL Certificate installed on your website.

Domain validation via the DNS method

Comodo/Sectigo allows you to to add a pre-defined domain record to your domain registrar (the website where you registered your domain name). Make sure that your firewall doesn’t block Comodo/Sectigo validation robot. Comodo/Sectigo validation robot comes from / The user agent should be “Comodo/Sectigo DCV” or “COMODO/SECTIGO DCV”.

Please note that newly added DNS records take between 10-48 minutes to propagate. This means that you will have to wait up to 48 hours to pass the domain validation if you go with this method. That is why we recommend the Email, HTTP, and HTTPS methods better, so as they would allow you to pass the domain validation instantly.

How to change the domain validation method?

If you chose one of these domain validation methods described above, and you see that your domain doesn’t get validated, then you can always change your domain validation method. Please go to this link to learn how to do that.

When you buy a multi-domain SSL Certificate and you include several domain names and/or sub-domains in it, the Certificate Authorities require you to pass the domain validation for each and every domain name and/or sub-domain that you included in your multi-domain SSL Certificate, and only after that the multi-domain SSL Certificate will be issued to you.

POSSIBLE PROBLEM: Sometimes the email addresses, or your HTTP options, or the DNS records that you choose for your multi-domain certificate do not get set correctly when they reach the Certificate Authority. You will know that when you see that you only got one single domain validation message to your email address instead of getting several domain validation messages, or your multi-domain SSL Certificate’s status still shows as “Awaiting Validation (Full)” even though you passed the domain validation for one of the domains.

partner-order-idHOW TO FIX: There is an easy way to fix that, and that requires getting in contact with the Certificate Authority’s Validation Department. When you contact them, please provide them your “Partner Order ID” (see screenshot on the right), and then tell them about the domain validation method that you chose to go with: HTTP, DNS or Email. If you chose to pass the domains validation by email, then double check with the Validation Department representatives what email addresses are set in their system, and ask them to send you the domain validation messages to your desired email addresses.

Comodo (now Sectigo)

Please call Comodo/Sectigo Validation Department at +1 (888) 266-6361 (Ext 4) or for the above stated reasons. When you talk to them, you will need to provide them your “Partner Order ID”.

Thawte, GeoTrust, Symantec/VeriSign

Please call Thawte, GeoTrust, Symantec/VeriSign Validation Department at +1 (520) 477-3152 (Ext 2) for the above stated reasons. Please note that Thawte, GeoTrust, Symantec/VeriSign are all owned by Symantec, and they all have the same phone number provided above.  When you talk to them, you will need to provide the “Partner Order ID”.

If you are still wondering what are the main benefits of each validation type (Domain Validation (DV), Business Validation (BV), and Extended Validation (EV)) and why you should choose one vs. another, then this is the right FAQ for you. Each of these SSL Certificate types was created having in mind a certain customer trust level:

  • BasicDomain Validation SSL Certificates – created for customers who aren’t interested in showing their company name and address in the SSL Certificate – either because they don’t need/want to or simply because they just don’t have a company. They only need to get the SSL Certificate very quickly in order to secure their domain name with HTTPS and have all web and mobile browsers display their website as “Secure”.
  • MediumBusiness Validation SSL Certificates – designed for clients who want to display their company’s name in their SSL Certificate’s details in order to ensure their customers that their business is real and trustworthy. BV SSL Certificates also allows you to display on your website a site seal provided by the third party Certificate Authority which proves that your SSL Certificate was issued to your company’s name and address.
  • Top Extended Validation SSL Certificates   developed for clients for whom users’ trust is highly important and they want to have a green address/URL bar that displays the company’s name on all web and mobile browsers (along with making this information visible in the SSL Certificate’s details). EV SSL Certificates also provide the site seal which proves that your SSL Certificate was issued to your website, company’s name and address but these certificates have the topmost trust level because they show your customers, prospectors, and visitors that your website is highly secure and that their information is always protected.

Now that you know the main differences between Domain Validation (DV), Business Validation (BV), and Extended Validation (EV) SSL Certificates, it should be much easier for you choose the one that fits you the best. 

To confirm you are the owner of the domain name using the HTTP method, you’ll have to upload a TXT file to a location on your website and server that looks like this:

We will provide instructions on how to create the .well-known folder for various server types:

Linux based servers (Ubuntu, Debian, CentOS)

  1. Go to the root directory of your website
  2. Create a directory called “.well-known“
  3. Inside it, create another folder called “pki-validation“
  4. Upload the TXT file inside the “pki-validation” directory


  1. Log into WHM, or skip this step if you don’t have WHM
  2. Locate and log into the cPanel account for your domain name
  3. Click on “File Manager”
  4. Choose the “Web Root (public_html/www)” option and click “Go.”
  5. Create a new folder called .well-known
  6. Inside that folder create another folder called: pki-validation
  7. Upload your TXT file inside the pki-validation folder


Windows based servers do not allow you to place a dot in a folder name, therefore you need to follow these steps:

  1. Go to the C: drive
  2. Create a new folder called well-known
  3. Inside the well-known folder, create another folder named pki-validation
    so far, your folders should look like this: C:\well-known\pki-validation
  4. Upload the TXT file in the pki-validation folder
  5. Open the IIS Manager on your server
  6. Do a right click on your website and select Add Virtual Directory
  7. In the Alias section write .well-known
  8. In the Psychical Path area enter the path to the well known folder. For example:
  9. Press OK to create this alias

For all server types, if you did everything correctly, you should be able open the following URL and see the hash code along with “” in any web browser:


Certain SSL Certificates allow you to secure an IP address, only if it is a public IP address. The validation process for IP addresses is similar to validating a domain name, but it has its particularities. That is why we encourage you to follow the guidelines below.

Comodo (now Sectigo)

1) First of all, you have to configure your SSL Certificate by filling in the configuration form inside your SSL Dragon account. When configuring your certificate, you will be asked to generate a CSR or enter an existing CSR. Please make sure you include your IP address as a “common name” (domain/IP that you want to secure) in your CSR;

2) Once your certificate is configured, you have to prove the ownership or right to use that IP address. To do that, you have to pass the HTTP/HTTPS validation for your SSL Certificate. Email or DNS validation are not available for IP validation. To pass the HTTP/HTTPS validation, you have to create a .TXT file that contains the validation code provided on the “Content” field on the details page of your SSL Certificate page. The “Content” that you have to add to the .TXT file looks similar to this:


Then you have to upload the TXT file at a location on your server that looks like this: should be replaced by the IP address that you are trying to validate. You can read information on how to create the .well-known folder at this link:

Make sure that you can access this file and link from any web browser. Inform us when you uploaded the attached TXT file on your server, so that we could run a scan of your website and look particularly for this file at this given link.

If you follow these steps exactly, you will get your IP address validated successfully.

NOTE: If you have a router to secure instead of a server, there is no way to upload the TXT file on your router. The solution to get the IP addresses validated is to reroute the IP address to a server, put the TXT file on that server, pass the IP validation, and then reroute the IP address back to the router.

3) The last step towards getting the SSL Certificate for your IP address is to pass the Business Validation. You can find detailed instructions on how to do that at this link:

Thawte, GeoTrust, Symantec/VeriSign

Please contact Thawte, GeoTrust, or Symantec via phone or online chat. You can find their contact information at this link. When submitting your request, please provide your email address and tell them that you configured your SSL Certificate for a public IP address. Please mention your “Partner Order ID” in your message. You can find your “Partner Order ID” on the details page of your SSL Certificate inside your SSL Dragon account. See screenshot on the right.

Thawte, GeoTrust, or Symantec will send you an email message with detailed instructions on how to pass the validation for your IP address. If you do not hear from the Certificate Authority representatives in the next 5-7 days following the date of your request, then please call +1 (520) 477-3152 (Ext 2) to check the status of your SSL Certificate with the Certificate Authority. Please note that Thawte, GeoTrust, and Symantec are all owned by Symantec, and they all have the same phone number provided above. When you talk to them, you will need to provide them your “Partner Order ID”.

If your router has a public IP address, you can still validate that IP address.

HTTP/HTTPS validation is the only method available for IP address validation. The HTTP/HTTPS validation method consists of adding a TXT file on your IP address and having Comodo/Sectigo scan that IP address and validate it. There is no way to upload a TXT file on your router. The solution to get the IP address validated is to reroute the IP address to a server, put the TXT file on that server, pass the IP validation, and then reroute the IP addresses back to the router.

You can read more information on what the TXT file should include and where to upload it in the following FAQ item: