How Domain Verification Takes Place for Domain Validated SSL Certificate?

Below are the steps by which you can complete verification of your domain ownership:

Email Validation to Get DV SSL Certificate Issued

The most straightforward method for verifying you're the domain ownership is through email verification. CAs like Comodo and Sectigo verifies against WHOIS record for the website you're purchasing an SSL certificate. Likewise, it'll send an email to the email address listed in the WHOIS record.

What if My Email Address Is Not Listed on WHOIS Record?

If your email address isn't listed in the WHOIS record, you aren't out of luck, as there's another option available.

CAs Send Email to One of Your Pre-approved Email Address

CAs such as Comodo and Sectigo has the policy of sending authentication email to one of the pre-approved email addresses:

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• [email protected]

File Based Authentication

If email-based authentication fails to work, then you can try file-based authentication. Generally, CAs like Comodo and Sectigo provide you with a text file. Likewise, you'll require to upload that text file within your root directory, and CA will verify it.

CNAME – Based Authentication

If none of the mentioned above steps works, then there's one more final way by which you can verify your domain. Comodo provides two unique hashes using the MD5 algorithm and another using SHA-1. Likewise, you need to enter them within your CNAME DNS Record like:

".domain-you-secure.com CNAME .sectigo.com."

Once you complete it, CA will complete the verification of your domain, and the validation step will get completed.

Note:
For those who have purchased Wildcard SSL Certificate, File Based Authentication will not work. According to CA/Browser Forum, the decision has been made to remove File Based Authentication step for the Wildcard SSL certificate.