How Do I Perform Verification by File?
In this method, you are required to verify domain name ownership by creating a specified file on the server.
After CA approves your application, you need to verify your domain ownership as described in the order, or your certificate will remain in the Pending domain name verification state and will not be approved.
Verification by file is usually performed by your server administrator. This topic describes how to perform verification by file.
The verification file can be deleted only after the certificate is issued or revoked.
Prerequisites
CAs send authentication requests only to port 80 or 443.
Step 1: Obtaining Verification Information
- Log in to the management console.
- Click in the upper left corner of the page and choose . The service console is displayed.
- In the navigation pane on the left, choose SSL Certificate Manager. In the row containing the desired certificate, click Verify Domain Name in the Operation column. The Verify Domain Name page is displayed.
- On the Verify Domain Name page, view the Record Value.
If the page is not displayed, log in to your email (the one specified during certificate application) to view the recorded value.
Figure 1 File verification
Step 2: Creating the Required File
- Log in to your server and ensure that the domain name points to the server and the website is enabled.
- Create a specified file in the root directory of the website. You need to specify the file directory, file name, and content.
The root directory of the website refers to the folder where the website programs are stored on the server. The root directory has the following names: wwwroot, htdocs, public_html, webroot, and more. Perform operations as required.
The following uses Windows servers as an example. Assume that the root directory of the website is /www/htdocs.
- On the Windows menu, click Start and enter cmd to start the command dialog box.
- Run the following command to go to the disk where the root directory of the website is located. In this example, drive D is such a disk.
d:
- Run the commands below to create the .well-known/pki-validation subdirectory in the root directory of the website.
In this case, create the subdirectory in the /www/htdocs directory.
cd /www/htdocs mkdir .well-known cd .well-known mkdir pki-validation cd pki-validation
- Run the command below to create the whois.txt file in the .well-known/pki-validation subdirectory.
echo off>whois.txt
- Run the following commands to open the whois.txt file:
start whois.txt
- Put the record you obtained in Step 1: Obtaining Verification Information into the whois.txt file and choose File > Save in the upper left corner.
Step 3: Checking Whether the Verification Configuration Takes Effect
- Open a browser and access the URL address: https://your domain/.well-known/pki-validation/whois.txt or http://your domain/.well-known/pki-validation/whois.txt.
Replace your domain in the URL address with the domain name bound during certificate application.
- If your domain name is a common domain name, perform the following operations:
For example, if your domain name is example.com, the access URL address is https://example.com/.well-known/pki-validation/whois.txt or http://example.com/.well-known/pki-validation/whois.txt.
- For a wildcard domain name, perform the following operations:
For example, if your domain name is *.domain.com, the access URL address is https://domain.com/.well-known/pki-validation/whois.txt or http://domain.com/.well-known/pki-validation/whois.txt.
- If your domain name is a common domain name, perform the following operations:
- Check whether the verification URL address can be properly accessed in the browser and whether the record value displayed on the page is the same as that on the order progress page.
- If the record value displayed on the page is the same as that displayed on the domain name verification page of the SCM console, the configuration of domain name verification has taken effect.
- If they are different, the configuration of domain name verification does not take effect.
- If the configuration does not take effect, check and handle the issue from the following aspects:
- Check whether the verification URL address exists in HTTPS accessible addresses. If yes, use HTTPS to re-access the URL address in the browser. If the browser displays a message indicating that the certificate is untrusted or the displayed content is incorrect, disable the HTTPS service for the domain name temporarily.
- Ensure that the verification URL address can be accessed at any place. Detection servers of some CAs are located outside China. Check whether your site has images outside China or whether the smart DNS service is used.
- Check whether the verification URL address contains 301 or 302 redirection. If such redirection exists, cancel the related settings to disable the redirection.
You can run the wget -S URL address command to check whether the verification URL address is redirected.
Domain Name Ownership Verification FAQs
- How Do I Verify Domain Ownership?
- How Do I Verify the Domain Ownership Manually by DNS?
- How Do I Perform Verification by File?
- How Do I Perform Verification by Email?
- How Do I Check Whether Domain Name Verification Takes Effect?
- How Can I Check Whether DNS Verification Takes Effect for Windows OSs?
- What Can I Do If Domain Ownership Verification Does Not Take Effect?
- How Do I Query a Domain Name Provider?
- How Do I Query and Verify the Email Address of the Domain Administrator?
- How Do I Use DNS to Verify Domains Not Hosted on Huawei Cloud?
- Why Does the SSL Certificate Remain in the Pending Domain Name Verification State (Application Progress Is 40%) After Domain Name Verification Is Complete?
- How Do I Change the Domain Name Verification Mode When the SSL Certificate Status Is Pending domain name verification?
- What Do I Do If DNS Verification for a DV Certificate Fails?
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbotmore