Domain Validation

The Domain Validation (DV) SSL certificate is the most affordable choice for increasing the security of your blog, personal or small business website. Since there is no required paperwork, the process of acquiring the Domain Validation certificate is very quick and easy: you will have to prove that you are the domain owner just by responding to an automatic e-mail message. After a couple of minutes, you will receive the issued SSL certificate which can be installed immediately. Sites with Domain Validation certification can be identified by the green padlock that is displayed by most web browsers.

This type of SSL certificates is recommended to be used if you need to prove that your site is secured, by having a secured connection. The Domain Validation certificates don’t display the legal entity, as the identity of the website owner is not checked while issuing them. So, if you have an e-commerce website or a site that collects users’ personal data, you should consider buying our Business Validation (BV) or Extended Validation (EV) certificates, which will make your site more trustworthy.

In order to buy a Domain Validated certificate you do not need to provide any documentation. You will have to confirm the domain ownership through a simple email or file-based authentication. Following completion of one of these elements the DV certificate will be signed and released to you.

The validation time of an SSL depends on the type of certificate you chose to buy.

Domain Validated certificates are issued within 3-5 minutes in 99% of the cases. Only when an SSL Certificate is requested for a domain name that contains a trademark or a brand name, then those SSL Certificates may pass brand validation, and can take up to a business day to be issued.

Business Validated certificates are usually issued within 1-3 business days.

Extended Validated certificates can take between 1-7 business days to be issued. The Certificate Authority does its part of the work very quickly. If all the information is provided to the Certificate Authority quickly and correctly, then the Certificate Authority can issue the EV certificate within 1 business day. We’ve seen situations when the EV Certificate was issued within a few hours. The 1-7 days period depends on how quickly the customer provides the required information to the Certificate Authority, and how quickly the customer responds to the Certificate Authority’s potential requests for additional information.

By doing the Validation process, the Certificate Authority’s is trying to confirm that you are the owner of the domain, and that the company that you are requesting a Business Validation or Extended Validation certificate for is active. That is why it is important that you keep your company’s records (address and phone number) up to date and you promptly respond to the Certificate Authority’s requests.

bv2bv1You can check whether your SSL Certificate requires Domain Validation, Business Validation or Extended Validation by looking at the attributes of your SSL Certificate. Please open the two screenshots on the right in order to see where you can find the information about the validation type of your SSL Certificate.


Yes, you can secure an IP address with an SSL Certificate. However, only some specific SSL Certificates will allow you to do that. Here are those SSL Certificates:
– Comodo InstantSSL Premium

Please note that all these certificates are Business Validation SSL Certificates, which means that you need to have a registered company in order to be issued one of these certificates.

Note: The following certificates used to secure IP addresses in the past, but they no longer do so:
– GeoTrust TrueBusinessID
– Thawte Web Server SSL
– Symantec Secure Site
– Symantec Secure Site PRO

Unfortunately, domain names that end with .local are not supported from November 1st, 2015. If you request an SSL Certificate for a domain or sub-domain that has .local as an extension, your SSL Certificate will be rejected by the Certificate Authority.

If you want to secure a domain or sub-domain on your localhost, you can create a self-signed SSL Certificate. There is plenty of documentation online on how to do that.

Please go through the next steps in order to change the domain validation type for your SSL Certificate:
1) Log into your SSL Dragon account;
2) Go to “Services” -> “My Services”;
4) You will see the list of products which you bought from SSL Dragon. Click on the SSL Certificate which you would like to change the domain validation type for;
5) Click on the green colored “Revalidate” button which you can find towards the bottom on the page;
6) Choose the new domain validation method for your domain(s); You can read more about what each validation type means at this link;
7) Click “Submit” to make the new validation method go into effect.

When requesting an SSL Certificate you have to prove that you own or you have management rights over the domain or sub-domain that you are requesting an SSL Certificate for.

Domain validation by email

If you have an SSL Certificate issued by Comodo, GeoTrust, Thawte, Symantec and RapidSSL, then you can complete the domain validation is by responding to an automated domain validation message sent to your email address. You will be given a list of emails to choose from, and the automated domain validation message will be sent to the email address that you choose.

Always check your email address (including your Spam folder) so as you should receive an email message from the Certificate Authority with instructions on how to validate (prove the ownership of) your domain name. The email message will ask you to copy a unique code and paste it on a specific link provided in the same email message.

If your SSL Certificate is issued by Comodo, there are 2 more ways how you can complete the domain validation:

Domain validation via the HTTP / HTTPS method

The HTTP validation consists of uploading a TXT validation file to a pre-defined location on your website. You have to make sure that you can access this file and link from any web browser. Once you proceed with this domain validation method, Comodo will run a scan of your website and will look particularly for this file at the given link. Your SSL Certificate will pass the domain validation within a few minutes after Comodo’s system finds the TXT file on your website.

The HTTPS validation method is the same validation method as described above. You should choose the HTTPS option if you already have an SSL Certificate installed on your website.

Domain validation via the DNS method

Comodo allows you to to add a pre-defined domain record to your domain registrar (the website where you registered your domain name). Make sure that your firewall doesn’t block Comodo validation robot. Comodo validation robot comes from / The user agent should be “Comodo DCV” or “COMODO DCV”.

Please note that newly added DNS records take between 10-48 minutes to propagate. This means that you will have to wait up to 48 hours to pass the domain validation if you go with this method. That is why we recommend the Email, HTTP, and HTTPS methods better, so as they would allow you to pass the domain validation instantly.

How to change the domain validation method?

If you chose one of these domain validation methods described above, and you see that your domain doesn’t get validated, then you can always change your domain validation method. Please go to this link to learn how to do that.

When you buy a multi-domain SSL Certificate and you include several domain names and/or sub-domains in it, the Certificate Authorities require you to pass the domain validation for each and every domain name and/or sub-domain that you included in your multi-domain SSL Certificate, and only after that the multi-domain SSL Certificate will be issued to you.

POSSIBLE PROBLEM: Sometimes the email addresses, or your HTTP options, or the DNS records that you choose for your multi-domain certificate do not get set correctly when they reach the Certificate Authority. You will know that when you see that you only got one single domain validation message to your email address instead of getting several domain validation messages, or your multi-domain SSL Certificate’s status still shows as “Awaiting Validation (Full)” even though you passed the domain validation for one of the domains.

partner-order-idHOW TO FIX: There is an easy way to fix that, and that requires getting in contact with the Certificate Authority’s Validation Department. When you contact them, please provide them your “Partner Order ID” (see screenshot on the right), and then tell them about the domain validation method that you chose to go with: HTTP, DNS or Email. If you chose to pass the domains validation by email, then double check with the Validation Department representatives what email addresses are set in their system, and ask them to send you the domain validation messages to your desired email addresses.


Please call Comodo Validation Department at +1 (888) 266-6361 (Ext 4) for the above stated reasons. When you talk to them, you will need to provide them your “Partner Order ID”.

Thawte, GeoTrust, Symantec/VeriSign

Please call Thawte, GeoTrust, Symantec/VeriSign Validation Department at +1 (520) 477-3152 (Ext 2) for the above stated reasons. Please note that Thawte, GeoTrust, Symantec/VeriSign are all owned by Symanec, and they all have the same phone number provided above.  When you talk to them, you will need to provide the “Partner Order ID”.

If you are still wondering what are the main benefits of each validation type (Domain Validation (DV), Business Validation (BV), and Extended Validation (EV)) and why you should choose one vs. another, then this is the right FAQ for you. Each of these SSL Certificate types was created having in mind a certain customer trust level:

  • BasicDomain Validation SSL Certificates – created for customers who aren’t interested in showing their company name and address in the SSL Certificate – either because they don’t need/want to or simply because they just don’t have a company. They only need to get the SSL Certificate very quickly in order to secure their domain name with HTTPS and have all web and mobile browsers display their website as “Secure”.
  • MediumBusiness Validation SSL Certificates – designed for clients who want to display their company’s name in their SSL Certificate’s details in order to ensure their customers that their business is real and trustworthy. BV SSL Certificates also allows you to display on your website a site seal provided by the third party Certificate Authority which proves that your SSL Certificate was issued to your company’s name and address.
  • Top Extended Validation SSL Certificates   developed for clients for whom users’ trust is highly important and they want to have a green address/URL bar that displays the company’s name on all web and mobile browsers (along with making this information visible in the SSL Certificate’s details). EV SSL Certificates also provide the site seal which proves that your SSL Certificate was issued to your website, company’s name and address but these certificates have the topmost trust level because they show your customers, prospectors, and visitors that your website is highly secure and that their information is always protected.

Now that you know the main differences between Domain Validation (DV), Business Validation (BV), and Extended Validation (EV) SSL Certificates, it should be much easier for you choose the one that fits you the best. 

To confirm you are the owner of the domain name using the HTTP method, you’ll have to upload a TXT file to a location on your website and server that looks like this:

We will provide instructions on how to create the .well-known folder for various server types:

Linux based servers (Ubuntu, Debian, CentOS)

  1. Go to the root directory of your website
  2. Create a directory called “.well-known“
  3. Inside it, create another folder called “pki-validation“
  4. Upload the TXT file inside the “pki-validation” directory


  1. Log into WHM, or skip this step if you don’t have WHM
  2. Locate and log into the cPanel account for your domain name
  3. Click on “File Manager”
  4. Choose the “Web Root (public_html/www)” option and click “Go.”
  5. Create a new folder called .well-known
  6. Inside that folder create another folder called: pki-validation
  7. Upload your TXT file inside the pki-validation folder


Windows based servers do not allow you to place a dot in a folder name, therefore you need to follow these steps:

  1. Go to the C: drive
  2. Create a new folder called well-known
  3. Inside the well-known folder, create another folder named pki-validation
    so far, your folders should look like this: C:\well-known\pki-validation
  4. Upload the TXT file in the pki-validation folder
  5. Open the IIS Manager on your server
  6. Do a right click on your website and select Add Virtual Directory
  7. In the Alias section write .well-known
  8. In the Psychical Path area enter the path to the well known folder. For example:
  9. Press OK to create this alias

For all server types, if you did everything correctly, you should be able open the following URL and see the hash code along with “” in any web browser: