1. Home
  2. SSL Certificate Support
  3. Validation for SSL Certificates
  4. Troubleshooting Domain Control Validation (DCV)

Troubleshooting Domain Control Validation (DCV)

Change Approval Method Settings

For almost all products you can change the domain validation method type using the “Change Approval Settings/Method” button at the bottom of your order details page. 

You can also use this button to force a system ping if you have the record/file posted, but it seems to be taking a long time to approve (an hour or more without validation usually means there is an issue with the record).

Click the Change Approval Method button on the Order Details page to access your approval method options. You can then use the Save button, or switch the method to another option, save, and switch it back to the original method requested to ping the record again. If validation still doesn’t work, review the troubleshooting options below. 

Email Validation 

Email-based domain validation can often be the fastest and easiest method. However, due to the nature of the email, being sent from a “no-reply” address by an automated system, the DCV email is often blocked or improperly sorted.

If you do not see the DCV email right away, please check the junk folder and spam filters. If you still can’t find it, we advise to whitelist the CA’s validation teams IP addresses and main email addresses on your mail server or firewall. Once these addresses are whitelisted, you can use the Resend DCV Email button on your Order Details Page to send the email again. 





allow connections by user agent DigiCert DCV Bot/1.1

DCV Email are sent from 


  • ssltechsupport@digicert.com
  • support@digicert.com

Whitelisting may also be required for HTTP and DNS/CNAME validation to be sure the vendor system can properly reach your server. 

HTTP Validation

The Authentication File should always be posted with these folders/directories:

  • domain.com/.well-known/pki-validation/filename.txt
    Note: you may need to enable “show hidden files/folders” to be sure the folder is not already created, since you can’t have 2 folders with the same name.
  • For Windows servers the first folder must be named “.well-known.” as you may encounter an error naming the folder without the trailing dot at the end of the name.

For example, a cPanel file posting would look like this:

Traffic Redirect Issues

HTTP re-directs to HTTPS:

Please be sure you have the right option selected on your order. While Comodo can approve domains on HTTP or HTTPS, you need to select the option that corresponds to where you have the record on your server so the CA’s system will check the right location.

Root domain redirects to www: 

In most cases, if the root domain has a properly functioning traffic forward set to www the record will most likely get approved as is. However, there are some cases (using CDN, too many redirects, server time-out, etc) where the redirect will need to be removed to facilitate domain approval. If you can, it’s always best to post it and have it visible on the root domain (domain.com) to avoid any potential conflicts or delays. 

Main domain redirects to alternate domain:

Make sure that the domain you are trying to validate does not redirect to any other domain or the validation will fail.

DigiCert File Authentication Knowledgebase

Comodo Domain Control Validation Knowledgebase

CNAME Validation (Comodo Only)

A standard CNAME record has 2 main components: The Host Name, which starts with an underscore and ends with your domain, and the record content which is the unique value that ends in “comodoca.com” (sometimes referred to as the “Point To”). The CNAME instructions should look similar to the table below (please note that the values are unique for each order request):

Alias / Host Name


Point to/Record Content



When it is posted correctly and tested with a public tool (such as MXToolbox, shown in the screenshot below) it should show both values like this:

However, in some cases the domain host automatically adds your domain to any record that you add, even if you include the domain name when you create the record. In this case, when you follow the instructions and copy/paste the full Host Name record, it actually has your domain on it twice, like this:

To resolve the issue you can simply update the record and remove your domain from the Host Name. Then when your host adds the domain by default it shows properly. 

As an example, for the GoDaddy DNS zone, it would look like this:

So you would remove the domain:

After fixing the duplicate domain record, check your CNAME again and if everything is correctly configured, your domain should be validated.

Updated on

Was this article helpful?

Related Articles