Domain Validation (DV) SSL Certificate Requirements
Sarah MitchellShare
A Domain Validation (DV) SSL Certificate is the quickest type to obtain, because the only thing checked is control of the domain. There is no review of the organization behind the site, which is why a Domain Validation (DV) SSL Certificate can often be issued within minutes.
This guide sets out what the validation actually requires, the methods you can use to prove control, and what to have ready so issuance is not held up. Learn About SSL Certificate Validation 🔗
What Domain Validation Proves
Domain Validation (DV) confirms one thing : that the applicant controls the domain named in the request. It does not confirm the identity of any person or business, so it carries no organization details.
The check follows the industry rules that every Certificate Authority (CA) works to, so the methods are consistent wherever the SSL Certificate is obtained. Each name on the SSL Certificate is validated in its own right.
The Approved Validation Methods
Control is proven through Domain Control Validation (DCV), and three methods are accepted. A Domain Name System (DNS) TXT record holding a value supplied by the Certificate Authority (CA) is the most flexible, since it does not depend on any mailbox.
A file-based check places a supplied file under the well-known validation path on the web server, reachable over HTTP. The SSL Certificate is issued once the Certificate Authority (CA) reads the expected content. Learn About Domain Control Validation (DCV) 🔗
E-Mail validation sends a message to one of five fixed addresses at the domain, namely admin, administrator, hostmaster, webmaster, or postmaster, each followed by the domain name. A contact published in a Domain Name System (DNS) record can also receive it.
The End of WHOIS Validation
Validation no longer uses WHOIS records. Following an industry rule change during 2025, every Certificate Authority (CA) stopped accepting contact details drawn from WHOIS, so a registrant address listed there can no longer receive a validation e-mail.
The five fixed role addresses and the published Domain Name System (DNS) contact are the accepted e-mail routes now. Keeping one of those reachable is what matters, rather than the old WHOIS entry.
Getting Ready for a Smooth Check
Before you start, make sure you can act on whichever method you choose. For e-mail, confirm one of the five role addresses receives mail and that filters allow messages from the Certificate Authority (CA).
For a Domain Name System (DNS) or file-based check, confirm you can add a record or upload a file and leave it in place until issuance. Keeping that access ready is what prevents most delays.
From Issuance to Installation
Once the check passes, the Certificate Authority (CA) issues the Domain Validation (DV) SSL Certificate straight away. A Domain Validation (DV) SSL Certificate begins with a Certificate Signing Request (CSR) generated on the web server, so prepare that first. Learn About Certificate Signing Requests (CSR) 🔗
The SSL Certificate is then installed on the web server together with its Private Key and the intermediate files that complete the chain. Learn About SSL Certificate Installation 🔗
Validating Again Each Term
An SSL Certificate is issued for a fixed term and is validated afresh for each new one. The industry maximum validity is falling over the next few years, so these checks will come round more often than they used to.
A reissue during the life of the SSL Certificate is free and keeps the same names, used for a Private Key change or a server move rather than to extend the term. Learn About the Reissue Process 🔗
