How Does Domain Verification Take Place for a Domain Validated SSL Certificate?
The CA Requires Your Domain Ownership to Be Verified Before Issuing a DV SSL Certificate
The Domain Validated (DV) SSL certificate is the most popular and widely used SSL certificate. Unlike OV and EV certificates, a DV SSL certificate is issued within minutes once domain ownership verification is completed, which takes only 10 to 15 minutes.
In other words, to get your DV SSL certificate issued, CAs (Certificate Authorities) like Sectigo and Comodo require you to complete just one verification step: proving that the domain for which you're purchasing an SSL certificate belongs to you.
Below are the ways in which you can complete verification of your domain ownership:
Email Validation to Get DV SSL Certificate Issued
The most straightforward method for verifying your domain ownership is email verification. CAs like Comodo and Sectigo check the WHOIS record for the website for which you're purchasing an SSL certificate and send an email to the email address listed in that record.
What if My Email Address Is Not Listed on WHOIS Record?
If your email address isn't listed in the WHOIS record, you aren't out of luck, as there's another option available.
CAs Send Email to One of Your Pre-approved Email Addresses
CAs such as Comodo and Sectigo have a policy of sending the authentication email to one of the pre-approved email addresses:
File Based Authentication
If email-based authentication fails to work, you can try file-based authentication. Generally, CAs like Comodo and Sectigo provide you with a text file. You need to upload that text file to your root directory, and the CA will verify it.
CNAME-Based Authentication
If none of the steps mentioned above works, there's one final way to verify your domain. Comodo provides two unique hashes, one using the MD5 algorithm and another using SHA-1. You need to enter them in your CNAME DNS record like:
.domain-you-secure.com CNAME .sectigo.com.
Once you have done so, the CA will verify your domain, and the validation step will be complete.
For those who have purchased a Wildcard SSL certificate, File Based Authentication will not work. According to the CA/Browser Forum, the decision has been made to remove the File Based Authentication step for Wildcard SSL certificates.
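A pre-flight check for the CNAME method and the wildcard restriction described above, as an added example that is not the page's or the CA's own code. It assumes the MD5 value forms the host label and the SHA-1 value the target label, which the record template above does not show; the function names and sample hash values are constructed for illustration.

```python
import hashlib
import re

CA_ZONE = "sectigo.com"  # target zone from the page's record template

def allowed_methods(common_name):
    """Validation methods from the page; file-based is dropped for wildcards."""
    methods = ["email", "file", "cname"]
    if common_name.startswith("*."):
        methods.remove("file")
    return methods

def check_dcv_cname(record, domain, md5_hex, sha1_hex):
    """Return the problems found in one '<host> CNAME <target>' zone line."""
    md5_hex, sha1_hex, domain = md5_hex.lower(), sha1_hex.lower(), domain.lower()
    problems = []
    # MD5 digests are 32 hex characters, SHA-1 digests are 40.
    if not re.fullmatch(r"[0-9a-f]{32}", md5_hex):
        problems.append("MD5 value is not 32 hex characters")
    if not re.fullmatch(r"[0-9a-f]{40}", sha1_hex):
        problems.append("SHA-1 value is not 40 hex characters")
    parts = record.split()
    if len(parts) != 3 or parts[1].upper() != "CNAME":
        return problems + ["not a '<host> CNAME <target>' record"]
    host, target = (p.lower().rstrip(".") for p in (parts[0], parts[2]))
    # ASSUMPTION: MD5 value is the host label, SHA-1 value the target label.
    if host == f"{md5_hex}.{domain}.{domain}":
        problems.append("domain appended twice (DNS panel added the zone name)")
    elif host.startswith(sha1_hex):
        problems.append("SHA-1 value used as host label; hashes look swapped")
    elif host != f"{md5_hex}.{domain}":
        problems.append("host is not <MD5 value>.<secured domain>")
    if target != f"{sha1_hex}.{CA_ZONE}":
        problems.append("target is not <SHA-1 value>." + CA_ZONE)
    return problems

# Constructed sample values standing in for the two hashes the CA provides.
MD5 = hashlib.md5(b"constructed sample").hexdigest()
SHA1 = hashlib.sha1(b"constructed sample").hexdigest()
GOOD = f"{MD5}.domain-you-secure.com CNAME {SHA1}.sectigo.com."
DOUBLED = f"{MD5}.domain-you-secure.com.domain-you-secure.com CNAME {SHA1}.sectigo.com."

if __name__ == "__main__":
    for line in (GOOD, DOUBLED):
        print(check_dcv_cname(line, "domain-you-secure.com", MD5, SHA1) or "ok")
    print(allowed_methods("*.domain-you-secure.com"))
```

The doubled-domain case covers DNS control panels that append the zone name to whatever is typed in the host field.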