Domain Validation (DV) or Domain Control Validation (DCV) is a step every SSL applicant must pass before receiving an SSL certificate from the Certificate Authority. It involves proving ownership or management rights over the domain or subdomain you intend to secure.

CAs provide several validation methods to speed up the process:

  • Email method
  • HTTP/HTTPS method
  • DNS method

This article covers the HTTP/HTTPS method and, more precisely, how to create the .well-known folder, the directory where you must upload a TEXT file for the CA to scan and approve your SSL request.

If you wish to validate your domain via email or DNS, refer to our FAQ section.

The HTTP / HTTPS method in a nutshell

The HTTP validation procedure requires you to upload a TXT file to a pre-defined location on your website. The file should be accessible via a live website link. After you add the validation file, the CA crawler system will scan your website and look for the file. Once it finds it, you should pass the validation within minutes.

The HTTPS validation method is the same as described above. You should choose the HTTPS option if you already have an SSL certificate on your website.

Note: The HTTP/HTTPS method is not available for Wildcard certificates.

What is the .well-known folder?

Inside your ~/public directory, you might find a .well-known folder. Well-known URIs are Uniform Resource Identifiers for well-known services or information available at URLs consistent locations across servers.

Some servers create the .well-known folder automatically, but sometimes, you may have to add it manually. This directory acts as a web-based protocol to fetch site metadata about a host before making a request. 

To confirm domain ownership using the HTTP/HTPPS method, you have to upload a TXT file to a location on your website and server that looks like this:

http://yourwebiste.com/.well-known/pki-validation/HashFileName.txt

Here’s how to create the .well-known folder on the most popular platforms:

Linux-based servers (Ubuntu, Debian, CentOS)

  1. Navigate to the root directory of your website
  2. Create a directory called .well-known
  3. Inside it, create another folder called pki-validation
  4. Upload the TXT file inside the pki-validation directory

cPanel

  1. Log into WHM, or skip this step if you don’t have WHM.
  2. Log into the cPanel account for your domain name
  3. Click on File Manager
  4. Choose the Web Root (public_html/www) option and click Go.
  5. Create a new folder called .well-known
  6. Inside the .well-known folder, create another folder called: pki-validation
  7. Upload your TXT file inside the pki-validation folder

IIS service

Windows-based servers don’t support dots in a folder name, so you need to follow these steps:

  1. Head to the C: drive
  2. Create a new folder called well-known
  3. Inside the well-known folder, create another folder named pki-validation
  4. Your folder path should look like this: C:\well-known\pki-validation
  5. Upload the TXT file in the pki-validation folder
  6. Open the IIS Manager on your server
  7. Right-click on your website and select Add Virtual Directory
  8. In the Alias section, enter .well-known
  9. In the Psychical Path section, enter the path to the well-known folder. For example:
  10. C:\well-known
  11. Press OK to create this alias

That’s it! The HTTP/HTTPS validation process is pretty straightforward. You should get your SSL certificate in no time if you follow the exact steps outlined above.

Image by storyset on Freepik