DCV (Domain Control Validation)

For security reasons, is necessary to verify that you have the full agreement of the domain's owner to use the SSL certificate for the domain.

If you have requested an SSL certificate for a domain that you don't control (as owner, admin, or tech contact), you will be offered three validation methods right after you submit your CSR:

Validation by DNS

If you are purchasing an SSL certificate for a domain for which you are already a contact, this method is chosen for you automatically, and the zone file is updated for you. In the event that you chose a Multi-domain certificate, you must have the rights to ALL the domains present in the certificate for this validation method to work.

Validation by DNS record implies that you have access to the DNS zone file of your domain (whether or not at Gandi), and can add a CNAME record to it.

If you opt for this method, you will need to add a special CNAME record to your domain's DNS zone file.

The record to be inserted into the zone will be visible from the certificate's order status from your Orders in Progress page (more info). You can see it by hovering your mouse over the icon.

If you see an existing CNAME record for this validation in your zone file, it was automatically added for you. There is no need to add another one. You will need to wait for DNS to update, however, which may take several hours.

Validation by email

This validation method is simple, though requires that you have a specific email address available for each domain to be validated.

This email address must be created with the user admin@ (ex.: if you want to validate the domain example.com, you must create the email address admin@example.com).

To resend the mail, go to your certificate's order status from your Orders in Progress page (more info) and relaunch the sending of the verification emails from there.

You have 30 days to confirm by email, after which the operation will time out.

Validation by file

This validation method requires that you have access to the web server that hosts the website that the domain will point to.

You are asked to copy a TXT file that contains a verification key, and to place it at the following location(.well-known/pki-validation/filename.txt):


Note that you must replace adapt the URL to match your own address, as well as the “filename”.

To get the file, go to the certificate's order status from your Orders in Progress page (more info).

You will see a link to “get the file” from that page, and if you are unsure where to place the file, hover your mouse over the icon and we will show you an example of where it needs to be.

Comodo will verify the file within 1 hour of the launch of the validation process.

Last modified: 07/24/2017 at 18:15 by Ryan A. (Gandi)