Domain Control Validation by HTTP File-based Token Method
The DCV HTTP File-based Token Method allows you to demonstrate control over your domain by hosting a .txt file containing a generated random string token at a predetermined location on your website. Once the file is created and placed on your site, the issuing CA visits the specified URL to confirm the presence of the verification token.
How to set up DCV by HTTP/S File-based Token method
- Locate the pending order in your GeoCerts CertCommand account. Click on a domain in the 'You Need To... > Prove Control Over Domains" section.
- From the DCV Method dropdown choose HTTP/S File-based Token and copy the File Content token string. Note: The token value expires after thirty days.
* DigiCert and GeoTrust SSL orders will have a filename of
fileauth.txtwhereas SSL orders for Sectigo and PositiveSSL CAs will have a filename similar in format to
Additionally, the File Content for Sectigo and PositiveSSL SSL orders will contain 2 or 3 lines of text, similar in format to the following.
- Create a public directory on your server:
Note the leading dot in
For Windows-based servers, the
.well-knownfolder must be created via command line
- Add your
[filename].txtto the new directory so that you end up with the following public URLs for each FQDN requested.
- Test the URL in a browser using HTTP/S** to verify that it's responding properly. Your browser should display the File Contents from step 2 above. The token value must be publicly accessible and cannot be behind a firewall. Multiple redirects will prevent DCV approval and only ports 80 and 443 will be accepted.
** DigiCert and GeoTrust SSL orders can use HTTP or HTTPS whereas Sectito and PositiveSSL orders are specifically set to check DCV at either HTTP or HTTPS, but not both.
- Check DCV approval.
Once you're sure that your new HTTP File Token is set up correctly, go back to step 2 and click the CHECK button.
When the correct HTTP File Token is located, that domain will be checked-off and approved. Repeat for all domains on the certificate order.
Scans of your HTTP File Token will begin immediately after you enroll for an SSL certificate, and automatic re-checks will be made periodically until the correct response is found. You can also force re-checks using step 2 above.
Choosing and changing the DCV method
You choose the initial DCV method when placing an SSL/TLS order. You can change the current DCV method - for example, from Email Verification to DNS CNAME - at any time by clicking the button for any domain on the order that is not approved.