Please consider this tips and tricks list we've composed to assist you in receiving your SSL certificate timely and without unnecessary delays. Following these simple instructions should help you to avoid the most common and basic, yet frequent issues our customers and resellers encounter during the validation procedure.
1. Domain Validation
Let’s take a look at the procedures that are used to perform this kind of validation.
As an example we will use the ordering process of a Comodo DV certificate:
1.1 HTTP Validation
In order to complete the HTTP validation Certificate Authority's system checks availability of the .txt file containing a special key - SHA1. It is automatically generated for you by our system and can be accessed by clicking the "Follow the instructions" link in the "Domain and validation methods" row.
Clicking the "Follow the instructions" link will open a window where, in the "File" row, you may find a correct path where the file should be placed along with the exact filename that is generated exclusively for your domain.
In the "File Content" row you may find a text that should be pasted in the .txt file you are about to use for the validation procedure.
Recently we have intoduced a new feature in our SSL Panel - HTTP Validatior - that should help you check the accesibility, placement and file contents we have been overviewing in the above sections.
Even if you were following previous steps of this guide closely and you are sure that you have done everything right, we kindly ask you to take another moment of your time and use our new feature to double check your order.
You may find a new "Run validation" button in the "Validation performed by SSL Panel" section below.
Just click the button and our system will check everything for you.
And if any errors are encountered you will receive a detailed description of what went wrong and how these issues can be resolved.
1.2 Email Validation
Certificate Authority will send an email to a confirmation email address which should be directly linked to the domain which is going to be protected by the issued certificate. For example, for the www.domain.com vaild email addresses would be:
If the name of your general domain contains a subdomain (name.domain.com) then the above pattern is in this case applicable as well - the valid address would be, for example: firstname.lastname@example.org.
The above list is relevant for Symantec SSL certificates as well.
1.3 DNS Validation
This method requires that you create a special CNAME (Canonical Name) record in your DNS configuration. Our system will automatically provide you the necessary keys (MD5 hash and SHA1) which could be located by clicking the “Follow the instructions” link, same as during the HTTP Validation procedure:
Please note, that if your general domain name in the order does not contain www (example.com) then the only possible host is MD5hash.example.com. If you have chosen a domain name which includes www (www.example.com), then both MD5hash.example.com and MD5hash.www.example.com could be used.
FREQUENTLY ASKED QUESTIONS
I. (Comodo) We have uploaded the .txt file to its server 2 hours ago, but HTTP Validation is not finished yet. What is the reason for the delay?
a) The file name or contents are incorrect:
- The file name should always be in uppercase letters
- The file contents should always be in lowercase letters
b) The file is placed incorrectly. Only the following locations are allowed:
For Multi-domain certificates only the full name is checked, so the valid locations would be:
c) The file contents may contain unreadable or additional characters. To check that please use curl utility with the command of a similar pattern:
- curl -A "COMODO DCV" http://www.example.com/FileName
II. (Comodo) The file contents and name are correct as well as the URL, but validation is still not completed.
a) Make sure that the URL containing the file does not redirect to any location aside from the ones that are stated in the section Ib of this FAQ.
b) Please check that the server accepts “COMODO DCV” as a User Agent. Some websites block this in their configuration or .htacess file.
c) The file and server must be accessible from anywhere in the world.
III. (Comodo) We haven’t had an opportunity to upload the file yesterday, so we did it today, but the validation is still in progress, has file been checked by the CA?
- The CA's system checks the presence of the file every 15 minutes on the day the request was submitted. If, for any reason, file could not be found or read during the first day, the system will check for its availability every 24 hours.
IV. My order has been flagged for a brand validation, what does that mean and what should I do?
- The Certificate Authority’s specialist will try to manually validate your company’s information stated in the order because CA’s system flagged it for such review. Reasons may vary: a match for a certain keyword has been found in the order details, your company’s business considered to be a high risk (banking, gambling, legal services). Manual review may take up to 48 hours. If after this time period your order is still in the brand validation phase - please contact our support.
V. My order is in brand validation stage, but the telephone number (company name, address, etc) in my order is incorrect/inconvenient for me, how can I change it?
- Please be advised, that Certificate Authority is authorised to use information from official registries and databases only (i.e. http://www.dnb.com/ - can be used internationally, https://egrul.nalog.ru/ - for Russian companies only, https://www.kvk.nl/ - for Dutch, etc). Which means that information from such resources only is taken into account - if you provide a new telephone number or company address - please make sure that it is publicly available in the official database, otherwise Certificate Authority won’t count that information as valid.
VI. I have ordered a single-domain certificate for www.example.com. Would it protect example.com as well after it has been issued (and vice versa)? I also would like to order a certificate for www.subdomain.example.com, would subdomain.example.com be protected as well?
- In the first case - the answer is yes, both domains would be protected. In the second one - for Comodo certificates - true, both domains would be protected as well, but for Symantec certificates - no, their certificates cannot provide protection on that many levels, you will have to decide whether to protect www.subdomain.example.com or subdomain.example.com. Another option is to order a multi-domain certificate.