Skip to main content

Domain prevalidation: Revalidate your domain before validation expires

For quicker certificate issuance, keep your domain's validation current

DigiCert recommends keeping your domains' validation up to date for quicker certificate issuance. For information about the DigiCert-supported DCV methods, see Domain prevalidation: Domain control validation (DCV) methods.

Don’t wait until your domain's validation expires to revalidate it. With CertCentral, you can revalidate a domain at any time. This domain management feature enables you to complete the domain's validation early, so your immediate certificate issuance process continues without interruption.

Items to note about domain validation:

  • Per industry standards, a domain's validation is valid for 397 days (approximately 13 months).

  • If you order a certificate while the domain's revalidation is pending, we use the domain's current validation to issue the certificate if it is still valid.

Submit domain for revalidation

  1. In CertCentral, in the left menu, go to Certificates > Domains.

    For CertCentral Subscription accounts, in the left menu, go to Validation > Domains.

  2. On the Domains page, select the domain you want to revalidate.

  3. On the domain's details page, in the Domain control validation DCV section, select the DCV method you want to use to demonstrate control over the domain.

    • DNS TXT record (DNS Change)

      Go to your DNS provider and create a TXT record. Add a DigiCert-generated random value to the domain's TXT record. DigiCert does a search for a DNS TXT record associated with the domain that includes the DigiCert-generated random value.

    • Verification email

      An email recipient follows the instructions in a confirmation email sent for the domain. DigiCert sends two sets of DCV emails: Email to DNS TXT contact and Constructed Email.

      • Email to DNS TXT contact

        Place the DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate. The RDATA value of this text record must be a valid email address.

        DigiCert sends an authorization email to the email addresses found in the DNS TXT record on the _validation-contactemail subdomain of the domain you are validating.

      • Email to Constructed Email

        DigiCert sends the authorization email to five constructed email addresses for the domain: admin, administrator, webmaster, hostmaster, and postmaster @[domain_name].

        Before DigiCert can successfully send an authentication DCV email to the domain owner (or domain controller), we must verify that an MX record (a resource record in the Domain Name System [DNS]) exists in the DNS records of the recipient's domain name. The presence of valid MX records enables us to send the authentication email.

      Warning

      End of life for the WHOIS-based Email

      On May 8, 2025, DigiCert ended support for the WHOIS-based DCV email method. DigiCert systems have stopped querying WHOIS entirely to find email addresses for domain validations. To learn more about this change, see our knowledge base article, End of life for WHOIS-based DCV methods.

      What should I do?

      You must update your domain validation process to use one of the other supported DCV methods. If you still want to use the Email DCV method, use the DNS TXT record email contacts or the Constructed email method.

    • DNS CNAME record

      Go to your DNS provider and create a CNAME record. In the hostname field, enter _dnsauth. Then, add [random_value].dcv.digicert.com in the target host field to point the CNAME record to dcv.digicert.com. DigiCert does a search for a DNS CNAME record associated with the domain that includes the DigiCert-generated random value.

    • HTTP Practical Demonstration and HTTP Practical Demonstration with unique filename DCV methods

      You can only use the HTTP Practical Demonstration DCV methods to demonstrate control over fully qualified domain names (FQDNs) exactly as named. To learn more, visit Domain Validation Policy Changes.

      • HTTP Practical Demonstration

        Host a file containing a DigiCert-generated random value at a predetermined location on your website: http://{domain-name}/.well-known/pki-validation/fileauth.txt. DigiCert visits the specified URL to confirm the presence of our random value.

      • HTTP Practical Demonstration with unique filename

        Host a file with a random, DigiCert-generated filename that contains a DigiCert-generated random value at a predetermined location on your website: http://{domain-name}/.well-known/pki-validation/{unique-filename}.txt. DigiCert visits the specified URL to confirm the presence of our random value.

  4. When ready, select Submit For Validation.

What's next

Use the selected DCV method to complete domain validation and demonstrate control over your domain.

References:

In this section: