Knowledge Base

Domain Control Validation (DCV) using file-based validation policy change

Updated on April 1, 2022

The CA Browser (CA/B) Forum recently passed ballot SC45 regarding the use of file-based domain validation, also known as file auth, http token, http auth, or CA/B Forum Baseline Requirements methods 18 (3.2.2.4.18) and 19 (3.2.2.4.19).

This ballot disallows file-based domain validation for wildcard certificates and requires, when file-based DCV is employed, that it must take place for each individual SAN/fully qualified domain name (FQDN). Sectigo will implement this policy change beginning November 22, 2021. Use of the file-based DCV method will be affected in the following ways: 

File based DCV will be disallowed for the validation of domains in wildcard certificates.
In non-wildcard certificates, domain validation will be required for every FQDN/SAN individually
These policy changes affect all public TLS/SSL certificates.

Note: Sectigo adds an additional FQDN on Single Domain SSL/TLS Certificates to help reduce the domain name mismatch warnings. For example, if you request a Single Domain Certificate for 'domain.com', Sectigo will also add 'www.domain.com' as an additional FQDN. If you chose HTTP(S) method to validate the certificate, you must complete the DCV on both FQDNs. If you failed to validate the additional FQDN, Sectigo will issue the certificate by removing the additional FQDN to avoid delays in the issuance process.

This change does not apply to Email-and DNS-based validation, which still is available for wildcard certificates and can be performed at the base domain level or another shared superior domain to validate subdomains and wildcard domains.

See the following knowledgebase articles for further information:
Validation Policy Change FAQ
Domain Control Validation (DCV) Methods
Alternative Methods of Domain Control Validation (DCV)