Domain Control Validation by Email Challenge Method

What is Domain Control Validation?

SSL certificates are issued to one or more domain names. It's the job of the Certification Authority (CA) that eventually signs the cert to verity that the entity requesting a cert (you) has the right to use the domains in the cert. For example, if you want to buy a cert for, say,, you'd have to prove that you currently own and have control over the domain. This proof is called Domain Control Validation, or DCV.

How is Domain Control Validation Proved?

DCV is proved by one of three methods:

  1. Email Challenge
  2. DNS Challenge
    1. DNS TXT Challenge: adding a DNS TXT  Record (Orders for GeoTrust, DigiCert and Symantec CAs)
    2. DNS CNAME Challenge: adding a DNS CNAME  Record (Orders by Sectigo/Comodo CA)
  3. HTTP(S) File Challenge: adding a txt file to your website

In this article we discuss DCV by Email Challenge. You may switch from one DCV method to another. Just login to your GeoCerts account to make the change.

DCV by Approval Email

You can prove domain ownership if you can receive an email from the CA (GeoTrust, Comodo, DigiCert) to any email address associated with your domain's WHOIS record (harder to do these days with GDRP in effect) or to one of five pre-approved generic email addresses. The generic emails are admin, administrator, hostmaster, webmaster and postmaster @YOUR-DOMAIN.COM (the domain in your certificate request, not your personal email). CAs are not permitted to send DCV emails to any other addresses (doing so could result in the CA being flagged and distrusted in popular browsers... they're not going to do it).

Changing and Re-sending DCV Emails

You can change and/or re-send the DCV email to one of the approved emails by logging in to your GeoCerts SSL Manager account and selecting Action > Change/Re-send. You can also contact us and we'd be happy to help you understand your DCV options.

Wanna Test an Email Address?

You think you have one of the generic email boxes setup and ready to go, but do you really? Sometimes sending yourself a test email requires jumping through hoops. Don't do that.

A couple of tools to check your MX email server

Setting Up Email Aliases and Forwarding

It's perfectly fine to set up an email alias that forwards to your regular email address. For example, you can configure an email alias to forward to As long as you can respond to the link in the DCV approval email from the CA it doesn't matter how it makes its way to you.

Please contact our support team if you have any additional problems or questions.

Oct 30, 2018 Scott Rogers