What is the DCV process?

 

Overview

This article explains the Domain Control Validation process (DCV) process that occurs after purchasing a Professionally-Signed SSL certificate in the panel.

Background

This process allows the certificate authority (Sectigo) to verify that you own the domain for which you are requesting a certificate. This prevents anyone but you from gaining access to your domain's security settings and taking control over your site.

What is the verification process?

The DCV process verifies an SSL using one of the following three methods (DNS, File, or Email):

Which method is used?

When you order a Professionally-Signed Sectigo certificate, the following methods are used to attempt to validate in the order shown below.

  • The first two methods (DNS and File) are preferable since DreamHost can automate them on your behalf with as little inconvenience to you as possible.
  • The email method will only be used if the first two methods fail.

DNS record

DreamHost places a CNAME record in your DNS zone file with hashed information that Sectigo can locate and use to validate you have control over the domain. After it completes, the CNAME record is removed.

File on website

DreamHost places a file with a hashed version of your Certificate Signing Request (CSR) on your website where it is accessible by Sectigo. Once the domain is verified to be under your control, the file is removed.

Email verification

Sectigo sends an email to one of the administrative email addresses associated with your domain (admin@example.com, webmaster@example.com, etc.).

Make sure the email address you select when purchasing the Sectigo certificate exists and is able to receive email before you select it. If needed, you can create one through the panel.

This is the last option in the DCV process, so it's possible you will never receive this email. However, if you do receive this email, proceed through the steps to verify your domain.

How long does it take to get my certificate?

Validating using the first two methods usually completes within 24 hours.

If the certificate is not obtained after 24 hours, DreamHost will then use the email method.

See also

Did this article answer your questions?

Article last updated PST.

Still not finding what you're looking for?