For the Email to DNS TXT Contact DCV method, an authorization email is sent to the email addresses found in the DNS TXT record on the
_validation-contactemail subdomain of the domain being validated.
Note: The Email to DNS TXT Contact DCV method is currently available for all GeoTrust and DigiCert SSL/TLS products only. This method is not currently supported for Sectigo and PositiveSSL products.
To use the Email to DNS TXT Contact DCV method, you place the DNS TXT record on the
_validation-contactemail subdomain of the domain you want to validate. The value of this text record can be one or more valid email addresses.
|Subdomain host||Time to Live (TTL)||TXT Value|
|_validation-contactemail||Shorter is firstname.lastname@example.org|
For this tutorial we'll be using AWS Route 53 to add a new TXT record for our fastssl.com domain. The principles will be the same for all DNS management systems.
_validation-contactemailinto the Record name box. Be sure to include the leading underscore. Select Record type TXT and then enter one or more valid email addresses in the Value box. The emails can be ANY valid email and does not have to be @ the domain you're creating the DNS record for. When you're done, click Create records.
Once you've gotten your new TXT setup at your DNS management console, you'll want to see if the world sees it. One way to check is via Google Admin Toolbox > DIG at https://toolbox.googleapps.com/apps/dig/#TXT/.
The Email to DNS TXT Contact DCV method is a subset of the DCV by Email Challenge method where allowed email addresses can come from three resources:
When placing a new, renewal or reissue request simply choose Email as your Domain Control Validation (DCV) method.
When you submit the order, multiple DCV approval emails will automatically be sent to any emails in the domain's WHOIS record, all five of the generic emails, and any emails pulled from the DNS TXT record for _validation-contactemail.fastssl.com.