Buy
Shop SSL Now
Renew
Renew SSL
Try
Free Trial SSL
Support Desk
Domain Control Validation by HTTP File-based Token Method
The DCV HTTP File-based Token Method allows you to demonstrate control over your domain by hosting a .txt file containing a generated random string token at a predetermined location on your website. Once the file is created and placed on your site, the issuing CA visits the specified URL to confirm the presence of the verification token.
Note: as of Dec 1, 2021, there are new rules that govern the use of the HTTP File-based Token DCV Method. This method can no longer be used for any wildcard domains (e.g., *.example.com). Additionally, you must make the token string available for each FQDN separately (e.g, www.example.com and mail.example.com).
How to set up DCV by HTTP/S File-based Token method
- Locate the pending order in your GeoCerts CertCommand account. Click on a domain in the 'You Need To... > Prove Control Over Domains" section.
- From the DCV Method dropdown choose HTTP/S File-based Token and copy the File Content token string. Note: The token value expires after thirty days.
* DigiCert and GeoTrust SSL orders will have a filename of
fileauth.txtwhereas SSL orders for Sectigo and PositiveSSL CAs will have a filename similar in format to6C25483595D7C679E95088CF316F56801ADE6990A8B93B660F8CB.txt.Additionally, the File Content for Sectigo and PositiveSSL SSL orders will contain 2 or 3 lines of text, similar in format to the following.
6C25483595004C8B5FBED7C679E95089A8B39E5E6384C9A9C49890EB00A887B9
sectigo.com
b6gnGbHI - Create a public directory on your server:
/.well-known/pki-validation
Note the leading dot in
.well-knownFor Windows-based servers, the
.well-knownfolder must be created via command line
(mkdir .well-known). - Add your
[filename].txtto the new directory so that you end up with the following public URLs for each FQDN requested.http(s)://example.com/.well-known/pki-validation/[filename].txt - Test the URL in a browser using HTTP/S** to verify that it's responding properly. Your browser should display the File Contents from step 2 above. The token value must be publicly accessible and cannot be behind a firewall. Multiple redirects will prevent DCV approval and only ports 80 and 443 will be accepted.
** DigiCert and GeoTrust SSL orders can use HTTP or HTTPS whereas Sectito and PositiveSSL orders are specifically set to check DCV at either HTTP or HTTPS, but not both.
- Check DCV approval.
Once you're sure that your new HTTP File Token is set up correctly, go back to step 2 and click the CHECK button.
When the correct HTTP File Token is located, that domain will be checked-off and approved. Repeat for all domains on the certificate order.
Scans of your HTTP File Token will begin immediately after you enroll for an SSL certificate, and automatic re-checks will be made periodically until the correct response is found. You can also force re-checks using step 2 above.
Choosing and changing the DCV method
You choose the initial DCV method when placing an SSL/TLS order. You can change the current DCV method - for example, from Email Verification to DNS CNAME - at any time by clicking the button for any domain on the order that is not approved.
Additional Resources
- What is Domain Control Validation?
- GeoTrust & DigiCert HTTP File-based DCV method common mistakes .
- Sectigo & PositiveSSL Domain Control Validation (DCV) methods .
Please contact our support team if you have any additional problems or questions.