What is domain control validation (DCV)?

    October 17, 2019

    Three methods Nexcess clients can use to send DCVs to Comodo as part of the procedure for registering SSL certificates. 


    A domain control validation, or DCV, is used by the CA before issuing an SSL certificate to verify the person making the request is in fact authorized to use the domain related to that request. Nexcess uses Comodo as their CA exclusively.


    After submitting your CSR, you must choose one of the three methods provided by Comodo. Only the domain owner or someone authorized by that domain owner may validate with Comodo. Three methods are by email, by DNS record, and by file authorization.


    The email method is the traditional means of validating ownership of your domain with DCV. Comodo will send an email to the administrative contact for the domain. This email will provide a unique validation code and a link; click the link and enter the code to validate.

     For security reasons, Comodo can only send the DCV email to five different types of email addresses:

    • admin@
    • administrator@
    • postmaster@
    • webmaster@
    • hostmaster@

     All of these options end with the domain used to create the CSR. If your domain does not have an email address corresponding to one of these types, then you must either create one for the DCV or provide a valid email address listed in your whois data. However, domains with private registration will have an invalid email address and must instead use one of the options listed above.

    DNS record

    The CSR you submit to Comodo will be hashed and these hash values will be provided to you. To validate, you must enter these hash values as a DNS CNAME record for your domain according to the following format, where example.com is the FQDN contained in your certificate:

    <Value of MD5 hash of CSR>.example.com.CNAME <value of SHA1 hash of CSR>.comodoca.com.


    Also called an HTTP-based DCV, this method also requires you to use the hash values provided to you by Comodo. To validate, create a plaint-text file and place the file in the root of your web server. Only web servers served over HTTP may use this method, and the content must read as follows, where example.com is your FQDN as contained in your certificate:

    http://example.com/>Upper case value of MD5 hash of CSR>.txt

    Additional information

    For more information regarding Comodo and its role as a CA, visit their website.

    For 24-hour assistance any day of the year, contact our support team by email or through your Client Portal.

    Was this article helpful?

    Send feedback

    Can’t find what you’re looking for?

    Our award-winning customer care team is here for you.

    Contact Support