What is the DCV process?

On November 1, 2018, Comodo announced that the company is rebranding to Sectigo. For more information about this, please see the following announcement at Sectigo's website:

Any Comodo certificate issued after January 2019 will reference Sectigo as the certificate authority, while any certificates issued prior to that will still reference Comodo. These are still the same company, and the only difference is the name.

The Domain Control Validation process (DCV) allows Sectigo to verify that you have control over a domain for which you are requesting a certificate. This prevents anyone but you from gaining access to your domain's security settings and taking control over your site.

How does DreamHost validate Domain Control for Sectigo certificates?

DCV can be verified by using one of the following three methods (DNS, HTTP/HTTPS, or email):

DNS

By placing a record on the nameservers: DreamHost places a CNAME record in your zone file with hashed information that Sectigo can find, and then validates that you have control over the domain. After it completes, the CNAME record is removed.

HTTP/HTTPS

By placing a publicly-accessible file on your domain: DreamHost places a file with a hashed version of your Certificate Signing Request (CSR) under your domain where it is accessible by Sectigo. Once the domain is verified to be under your control, the file is removed.

Email

By sending an email: Sectigo sends an email to one of a short list of common administrative email addresses associated with a domain (admin@, webmaster@, and so on).

Make sure the email address you select when purchasing the Sectigo certificate exists and is able to receive email before you select it. If needed, you can create one through the panel. Selecting a confirmation address from the drop-down list does not mean it exists, nor does DreamHost or Sectigo create it for you.

This is a last option in the DCV process, so it's possible you never receive this email. If you do receive this email from Sectigo, proceed through the steps to complete the verification of your domain. 

Which method is used?

When you order a Sectigo Domain Validated (DV) certificate, DreamHost attempts to validate in the order shown above (DNS, HTTP/HTTPS, and then email). The first two methods are preferable (DNS and HTTP/HTTPS) since DreamHost can automate them on your behalf with as little inconvenience to you as possible.

If the first two methods do not complete, DreamHost will then use the email method if the first attempt at validation fails or you don’t host the domain at DreamHost.

How long does it take to get my certificate?

Validating automatically through the DNS or HTTP/HTTPS method is usually accomplished within 24 hours. If the certificate is not obtained shortly after 24 full hours, DreamHost will then use the email method. DreamHost will attempt to validate by sending you an email, using the address you selected as the DCV email address described above.

See also

Did this article answer your questions?

Article last updated PST.