Skip to main content

Domain prevalidation: Bulk domain revalidation

Use the bulk domain revalidation feature to submit up to 25 domains simultaneously for revalidation. DigiCert recommends keeping your domains' validation up to date for quicker certificate issuance.

Items to note about domain validation:

  • Per industry standards, a domain's validation is valid for 397 days (approximately 13 months).

  • If you order a certificate for a domain while the domain's revalidation is pending, we use the domain's current validation to issue the certificate until that validation has expired.

Submit domains for revalidation

  1. In your CertCentral account, in the left menu, go to Certificates > Domains.

  2. On the Domains page, check the box next to the domains you want to revalidate.

  3. In the Submit domains for revalidation dropdown, select the DCV method you want to use to demonstrate control over the domains.

    • Revalidation by DNS TXT record

      Go to your DNS provider and create a TXT record. Add a DigiCert-generated random value to the domain's TXT record.

    • Revalidation by email

      An email recipient follows the instructions in a confirmation email sent for the domain. DigiCert sends two sets of DCV emails: Email to DNS TXT contact and Constructed Email.

      • Email to DNS TXT contact

        Place the DNS TXT record on the _validation-contactemail subdomain of the domain you want to validate. The RDATA value of this text record must be a valid email address.

        DigiCert sends an authorization email to the email addresses found in the DNS TXT record on the _validation-contactemail subdomain of the domain you are validating.

      • Email to Constructed Email

        DigiCert sends the authorization email to five constructed email addresses for the domain: admin, administrator, webmaster, hostmaster, and postmaster @[domain_name].

        Before DigiCert can successfully send an authentication DCV email to the domain owner (or domain controller), we must verify that an MX record (a resource record in the Domain Name System [DNS]) exists in the DNS records of the recipient's domain name. The presence of valid MX records enables us to send the authentication email.

      Warning

      End of life for the WHOIS-based Email

      On May 8, 2025, DigiCert ended support for the WHOIS-based DCV email method. DigiCert systems have stopped querying WHOIS entirely to find email addresses for domain validations. To learn more about this change, see our knowledge base article, End of life for WHOIS-based DCV methods.

      What should I do?

      You must update your domain validation process to use one of the other supported DCV methods. If you still want to use the Email DCV method, use the DNS TXT record email contacts or the Constructed email method.

    • Revalidation by DNS CNAME record

      Go to your DNS provider and create a CNAME record. In the hostname field, enter _dnsauth. Then, add [random_value].dcv.digicert.com in the target host field to point the CNAME record to dcv.digicert.com.

  4. On the Submit domains for revalidation page, review the selected domains and when ready, select Submit domains for validation.

  5. For the DNS CNAME and DNS TXT DCV methods, download a CSV file containing each domain's DigiCert-generated random value.

    Under Next steps, select Download CSV and save the file. Then, use this file to add the correct random value to each domain's DNS CNAME or DNS TXT record.

    Danger

    Download the CSV file now!

    Download the CSV file now before closing this page. After leaving this page, the only way to get the DigiCert-generated random value for each domain is to open each Domain's details page and copy it.

What's next

Use the selected DCV method to complete domain validation and demonstrate control over your domains.

References:

In this section: