Updated on 2023-03-27 GMT+08:00

Domain Name Verification Overview

After certificate application is submitted, the associated domain needs to be verified. You need to work with the CA to complete the domain name ownership verification for your SSL certificate.

After your ownership of the domain name is verified by you and approved by the CA, the CA will issue the certificate.

If you do not complete the domain ownership verification, your certificate will remain in the Pending domain name verification state.

You can verify your domain ownership by any of the following methods:

Table 1 Domain name verification methods



Application Scenario

Automatic DNS Verification

With your authorization, SCM modifies the record set configured for the domain name. SCM automatically adds a record to the record set for verification.

  • Your certificate is a DV (for domain name) certificate.
  • Your certificate is used for a domain name that you apply for on Huawei Cloud and is hosted on Huawei Cloud DNS.

The system performs automatic DNS verification only when all the preceding conditions are met.

Manual DNS Verification

You add a record to the record set configured for the domain name for verification.

  • You have the permission to modify the DNS resolution settings.
  • You have selected manual DNS verification for domain name verification method when applying for the certificate. (This is not required for DV certificates.)

Email Verification

You log in to the email address of the domain name administrator and reply to the domain name confirmation email sent by the CA.

You have the permission to log in to the domain name administrator's mailbox. You have the domain name management permission.

File Verification

You obtain the certificate verification file from the SCM console and create the specified file in the website root directory on the server.

  • You have the permission to write content to the root directory of the server where the website is located. You have the server management permission.
  • Port 80 or 443 is enabled on the server to listen to HTTP or HTTPS requests.

    CAs send authentication requests only to port 80 or 443. If port 80 or 443 is not enabled on your server, do not use the file verification method.