Updated on 2024-09-18 GMT+08:00

How Do I Perform Verification by File?

In this method, you are required to verify domain name ownership by creating a specified file on the server.

After CA approves your application, you need to verify your domain ownership as described in the order, or your certificate will remain in the Pending domain name verification state and will not be approved.

Verification by file is usually performed by your server administrator. This topic describes how to perform verification by file.

The verification file can be deleted only after the certificate is issued or revoked.

Prerequisites

Port 80 or 443 is enabled on the server.

CAs send authentication requests only to port 80 or 443.

Constraints

  • Only DV single-domain free certificates support file verification.

Step 1: Obtaining Verification Information

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security & Compliance > Cloud Certificate Management Service. The service console is displayed.
  3. In the navigation pane on the left, choose SSL Certificate Manager. In the row containing the desired certificate, click Verify Domain Name in the Operation column. The Verify Domain Name page is displayed.
  4. On the Verify Domain Name page, view the Record Value.

    If the page is not displayed, log in to your email (the one specified during certificate application) to view the recorded value.

    Figure 1 File verification

Step 2: Creating the Required File

  1. Log in to your server and ensure that the domain name points to the server and the website is enabled.
  2. Create a specified file in the root directory of the website. You need to specify the file directory, file name, and content.

    The root directory of the website refers to the folder where the website programs are stored on the server. The root directory has the following names: wwwroot, htdocs, public_html, webroot, and more. Perform operations as required.

    The following uses Windows servers as an example. Assume that the root directory of the website is /www/htdocs.

    1. On the Windows menu, click Start and enter cmd to start the command dialog box.
    2. Run the following command to go to the disk where the root directory of the website is located. In this example, drive D is such a disk.

      d:

    3. Run the commands below to create the .well-known/pki-validation subdirectory in the root directory of the website.

      In this case, create the subdirectory in the /www/htdocs directory.

      cd /www/htdocs
      mkdir .well-known
      cd .well-known
      mkdir pki-validation
      cd pki-validation
    4. Run the command below to create the whois.txt file in the .well-known/pki-validation subdirectory.

      echo off>whois.txt

    5. Run the following commands to open the whois.txt file:

      start whois.txt

    6. Put the record you obtained in Step 1: Obtaining Verification Information into the whois.txt file and choose File > Save in the upper left corner.

Step 3: Checking Whether the Verification Configuration Takes Effect

  1. Open a browser and access the URL address: https://your domain/.well-known/pki-validation/whois.txt or http://your domain/.well-known/pki-validation/whois.txt.

    Replace your domain in the URL address with the domain name bound during certificate application.

    • If your domain name is a common domain name, perform the following operations:

      For example, if your domain name is example.com, the access URL address is https://example.com/.well-known/pki-validation/whois.txt or http://example.com/.well-known/pki-validation/whois.txt.

    • For a wildcard domain name, perform the following operations:

      For example, if your domain name is *.domain.com, the access URL address is https://domain.com/.well-known/pki-validation/whois.txt or http://domain.com/.well-known/pki-validation/whois.txt.

  2. Check whether the verification URL address can be properly accessed in the browser and whether the record value displayed on the page is the same as that on the order progress page.

    • If the record value displayed on the page is the same as that displayed on the domain name verification page of the SCM console, the configuration of domain name verification has taken effect.
    • If they are different, the configuration of domain name verification does not take effect.

  3. If the configuration does not take effect, check and handle the issue from the following aspects:

    • Check whether the verification URL address exists in HTTPS accessible addresses. If yes, use HTTPS to re-access the URL address in the browser. If the browser displays a message indicating that the certificate is untrusted or the displayed content is incorrect, disable the HTTPS service for the domain name temporarily.
    • Ensure that the verification URL address can be accessed at any place. Detection servers of some CAs are located outside China. Check whether your site has images outside China or whether the smart DNS service is used.
    • Check whether the verification URL address contains 301 or 302 redirection. If such redirection exists, cancel the related settings to disable the redirection.

      You can run the wget -S URL address command to check whether the verification URL address is redirected.