Domain Control Validation by HTTP File-based Token Method

The DCV HTTP File-based Token Method allows you to demonstrate control over your domain by hosting a .txt file containing a generated random string token at a predetermined location on your website. Once the file is created and placed on your site, the issuing CA visits the specified URL to confirm the presence of the verification token.

A. Instructions for GeoTrust and DigiCert orders

  1. Locate the pending order in your GeoCerts CertCommand account. Click on a domain in the "You Need To..." section.

  2. From the DCV Method dropdown, choose HTTP File-based Token and copy the File Content token string. Note: The token value expires after thirty days.

  3. Open a text editor (such as Notepad) and paste the unique hash token into the file and save the file as fileauth.txt.

  4. Create a public directory on your server: /.well-known/pki-validation

    Note the leading dot in .well-known.
    For Windows-based servers, the .well-known folder must be created via the command line
    (mkdir .well-known).

  5. Add your fileauth.txt to the new directory so that you end up with the following public URLs for each FQDN requested (In this example you will need one for www.example.com and one for plain example.com).

    http(s)://example.com/.well-known/pki-validation/fileauth.txt

  6. Test the URL in a browser using HTTP or HTTPS to verify that it's responding properly. Your browser should display your unique hash token. The token value must be publicly accessible and cannot be behind a firewall. Multiple redirects will prevent DCV approval, and only ports 80 and 443 will be accepted.

  7. Once you confirm that each FQDN responds with the correct token you can click the Check button to verify and approve DCV token values. Complete the steps above for EVERY FQDN domain name on the order. When all domains on the order are Approved the Domain Control Validation step is complete!

B. Instructions for PositiveSSL and Sectigo (formerly Comodo) orders

  1. Locate the pending order in your GeoCerts CertCommand account. Click on a domain in the "You Need To..." section.

  2. From the DCV Method dropdown, choose HTTP/S File-based Token and copy the File Content token strings.

  3. Open a text editor (such as Notepad) and paste the File Content lines into the file and save the file as [token-string].txt.

  4. Create a public directory on your server: /.well-known/pki-validation

    Note the leading dot in .well-known.
    For Windows-based servers, the .well-known folder must be created via the command line
    (mkdir .well-known).

  5. Add your [token-string].txt to the new directory so that you end up with the following public URLs for each FQDN requested.

    http(s)://yummy.scones.co.uk/.well-known/pki-validation/[token-string].txt

  6. Test the URL in a browser using HTTP(S) to verify that it's responding properly. Your browser should display your unique hash token value on line 1, followed by sectigo.com on line 2, and a shorter hash value on line 3, if shown. The file must be publicly accessible and cannot be behind a firewall. Multiple redirects will prevent DCV approval, and only ports 80 and 443 will be accepted.

  7. Once you confirm that each FQDN responds with the correct token you can click the Check button to verify and approve DCV token values. Complete the steps above for EVERY FQDN domain name on the order. When all domains on the order are Approved the Domain Control Validation step is complete!
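
The browser test in step 6 of both procedures can also be scripted so that every FQDN on an order is checked the same way. The script below is an added example, not GeoCerts or CA tooling: the function names, the allowance of a single redirect (the page states only that multiple redirects fail), and the sample token are assumptions.

```python
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

DCV_DIR = "/.well-known/pki-validation/"
MAX_REDIRECTS = 1  # assumption: the page only says "multiple redirects" are rejected

class _NoFollow(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface each 3xx as HTTPError so every hop can be inspected

def http_fetch(url):
    """One request, no redirect following: returns (status, Location, body)."""
    opener = urllib.request.build_opener(_NoFollow)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, None, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location"), ""

def check_dcv(fqdn, filename, expected_lines, scheme="http", fetch=http_fetch):
    """Return a list of problems; an empty list means the file is served as expected."""
    url = f"{scheme}://{fqdn}{DCV_DIR}{filename}"
    hops = 0
    while True:
        parts = urlsplit(url)
        port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
        if port not in (80, 443):
            return [f"{url}: port {port} is not 80 or 443"]
        status, location, body = fetch(url)
        if status in (301, 302, 303, 307, 308) and location:
            hops += 1
            if hops > MAX_REDIRECTS:
                return [f"{hops} redirects: multiple redirects prevent DCV approval"]
            url = urljoin(url, location)
            continue
        break
    if status != 200:
        return [f"{url}: HTTP {status}"]
    served = [line.strip() for line in body.strip().splitlines()]
    if served != list(expected_lines):
        return [f"{url}: content does not match the File Content token"]
    return []

if __name__ == "__main__":
    # Constructed sample: a fake fetcher stands in for the web server so this runs offline.
    token = "CONSTRUCTED-TOKEN-0001"
    fake = lambda url: (200, None, token + "\n")
    print(check_dcv("example.com", "fileauth.txt", [token], fetch=fake) or "OK")
```

For a Sectigo file, pass every File Content line in order as expected_lines; omit the fetch argument to query the live server.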

Additional Resources

  • GeoTrust, DigiCert, and Symantec: File DCV method common mistakes
  • Sectigo/Comodo Domain Control Validation (DCV) methods

Please contact our support team if you have any additional problems or questions.