Help Center> Cloud Certificate & Manager> FAQs> Verification of the Domain Name Ownership - SCM> How Do I Perform Verification by File?
View PDF

How Do I Perform Verification by File?

In this method, you are required to verify domain name ownership by creating a specified file on the server.

After CA approves your application, you need to verify your domain ownership as described in the order, or your certificate will remain in the Pending domain name verification state and will not be approved.

Verification by file is usually performed by your server administrator. This topic describes how to perform verification by file.

The verification file can be deleted only after the certificate is issued or revoked.

Constraints

  • If the associated domain name contains www, you need to verify both the domain name with www and without www. For example, if the domain name is www.example.com, you need to verify the ownership of both example.com and www.example.com.
  • If the associated domain name is a wildcard domain name, only the domain name without the asterisk (*) needs to be verified. For example, if the domain name is *.example.com, only example.com needs to be verified.

Step 1: Obtaining Verification Information

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane on the left, choose SSL Certificate Manager. In the row containing the desired certificate, click Verify Domain Name in the Operation column. The Verify Domain Name page is displayed.
  4. On the Verify Domain Name page, view the Record Value.

    If the page is not displayed, log in to your email (the one specified during certificate application) to view the recorded value.

    Figure 1 File verification

Step 2: Creating the Required File

  1. Log in to your server and ensure that the domain name points to the server and the website is enabled.
  2. Create a specified file in the root directory of the website. You need to specify the file directory, file name, and content.

    The root directory of the website refers to the folder where the website programs are stored on the server. The root directory has the following names: wwwroot, htdocs, public_html, webroot, and more.

    The following uses website root directory /www/htdocs as an example:

    1. Create the .well-known/pki-validation subdirectory in the root directory of the website.

      In this case, create the subdirectory in the /www/htdocs directory.

    2. Create the whois.txt file in the .well-known/pki-validation subdirectory.
    3. Add the record value obtained in Step 1: Obtaining Verification Information to the whois.txt file.

Step 3: Checking Whether the Verification Configuration Takes Effect

  1. Open a browser and access the URL address: https://your domain/.well-known/pki-validation/whois.txt or http://your domain/.well-known/pki-validation/whois.txt.

    Replace your domain in the URL address with the domain name bound during certificate application.

    • If your domain name is a common domain name, perform the following operations:

      For example, if your domain name is example.com, the access URL address is https://example.com/.well-known/pki-validation/whois.txt or http://example.com/.well-known/pki-validation/whois.txt.

    • For a wildcard domain name, perform the following operations:

      For example, if your domain name is *.domain.com, the access URL address is https://domain.com/.well-known/pki-validation/whois.txt or http://domain.com/.well-known/pki-validation/whois.txt.

  2. Check whether the verification URL address can be properly accessed in the browser and whether the record value displayed on the page is the same as that on the order progress page.

    • If the record value displayed on the page is the same as that displayed on the domain name verification page of the SCM console, the configuration of domain name verification has taken effect.
    • If they are different, the configuration of domain name verification does not take effect.

  3. If the configuration does not take effect, check and handle the issue from the following aspects:

    • Check whether the verification URL address exists in HTTPS accessible addresses. If yes, use HTTPS to re-access the URL address in the browser. If the browser displays a message indicating that the certificate is untrusted or the displayed content is incorrect, disable the HTTPS service for the domain name temporarily.
    • Ensure that the verification URL address can be accessed at any place. Detection servers of some CAs are located outside China. Check whether your site has images outside China or whether the smart DNS service is used.
    • Check whether the verification URL address contains 301 or 302 redirection. If such redirection exists, cancel the related settings to disable the redirection.

      You can run the wget -S URL address command to check whether the verification URL address is redirected.