
Certificate Management Service: How do I select a method for domain name ownership verification?

Last Updated: Mar 12, 2024

When you submit a certificate application, you must select a method for domain name ownership verification. The certificate authority (CA) uses this method to verify that you own or can manage the domain name bound to the certificate.

The following table describes the verification methods provided by Certificate Management Service. You can select one of the methods based on your business requirements.

Each verification method below is listed with its prerequisite, a description, and the time required for certificate issuance.

Automatic Domain Name System (DNS) verification

Prerequisite:

  • The certificate is a domain validated (DV) certificate.

  • The domain name that you bind to the certificate is registered with Alibaba Cloud.

  • The domain name is hosted on Alibaba Cloud DNS.

  • Alibaba Cloud DNS is activated for the Alibaba Cloud account of the certificate applicant.

Description: Alibaba Cloud automatically identifies the domain names that meet the prerequisites and adds a TXT record to each domain name in the Alibaba Cloud DNS console for domain name ownership verification. You only need to wait for the certificate to be issued. For more information, see Alibaba Cloud DNS is activated for the Alibaba Cloud account of the certificate applicant.

Time required for certificate issuance: If the specified information is correct, the CA completes review and issuance within 1 to 2 business days.

Manual DNS verification

Prerequisite:

  • The certificate is a DV certificate, and the domain name that you bind to the certificate is a single domain name or a wildcard domain name.

  • You have permissions to modify the DNS record of the domain name, which indicates that you have the administrative rights on the domain name.

  • Alibaba Cloud DNS is not activated for the Alibaba Cloud account of the certificate applicant.

Description: You must manually add a TXT record to the system of your DNS service provider to complete domain name ownership verification. For more information, see Manual DNS verification.

Time required for certificate issuance: If the specified information is correct, the CA completes review and issuance within 1 to 2 business days.

Note: If a DV certificate is not issued after a long period of time, check whether the DNS record is correct.

File verification

Prerequisite:

  • The certificate is a DV certificate, and the domain name that you bind to the certificate is a single domain name.

  • You have permissions to write to the web root directory of the server on which your website is deployed, which indicates that you have the administrative rights on the server.

  • Ports 80 and 443 are enabled on the server.

  • If you apply for a certificate of a brand other than Chinese brands, such as DigiCert and GlobalSign, make sure that your DNS server can be accessed from outside the Chinese mainland. We recommend that you temporarily add the IP address of the CA to the whitelist of the DNS server to allow the CA to access your DNS server and complete domain name ownership verification. For more information about how to obtain the IP address of a CA, contact your account manager.

  • If your domain name is a first-level domain name such as aliyundoc.com, make sure that its second-level domain name that starts with www. can also be accessed. If your domain name is a second-level domain name, make sure that its first-level domain name can also be accessed.

Description: You must manually download a dedicated verification file from the Certificate Management Service console and upload the file to the required verification directory of your server. For more information, see File verification.

Time required for certificate issuance: If the specified information is correct, the CA completes review and issuance within 1 to 2 business days.

Note: If a DV certificate is not issued after a long period of time, check whether the verification file is correct.

Email verification

Prerequisite: The certificate is an organization validated (OV) or extended validation (EV) certificate.

Description: After you submit a certificate application for an OV or EV certificate, the CA staff calls the mobile phone number that you specify or sends a verification email to the email address that you specify in the certificate application within 1 business day. The time varies based on the location of the CA. Statutory holidays are excluded. We recommend that you answer the phone call or confirm the email from the CA at the earliest opportunity.

Time required for certificate issuance: If the specified information is correct and you cooperate with the CA staff during the verification process, the CA completes review and issuance within 3 to 7 business days.

Note: The time required for certificate issuance varies based on the time required to complete the domain name ownership verification. If your domain name contains sensitive words, such as bank, pay, or live, manual verification may be triggered, which prolongs the time required for verification.
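
A pre-flight check for the File verification prerequisites above, added here as an example and not part of Alibaba Cloud's documentation or tooling. The path in `VERIFY_PATH`, the expected file content, and the choice to require the same file on every listed host over both ports 80 and 443 are assumptions; the registered domain is passed in explicitly rather than guessed.

```python
import urllib.request

# Assumed placeholder: the real path and file content come from the
# Certificate Management Service console and are not given on this page.
VERIFY_PATH = "/PLACEHOLDER/verification-file.txt"

def hosts_to_check(domain, registered_domain):
    """Hostnames that must be reachable for file verification.

    registered_domain is supplied by the caller (for example aliyundoc.com)
    because guessing it from label counts breaks on suffixes such as co.uk.
    """
    domain = domain.lower().rstrip(".")
    registered_domain = registered_domain.lower().rstrip(".")
    if domain != registered_domain and not domain.endswith("." + registered_domain):
        raise ValueError(f"{domain} is not under {registered_domain}")
    if domain == registered_domain:
        return [domain, "www." + domain]   # apex: the www. name must answer too
    return [domain, registered_domain]     # subdomain: the apex must answer too

def http_fetch(url, timeout=10):
    """Default fetcher: returns (status, body), or (None, error text) on failure."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except Exception as exc:  # HTTP errors, DNS failures, TLS and socket errors
        return None, str(exc)

def preflight(domain, registered_domain, expected, fetch=http_fetch, path=VERIFY_PATH):
    """Return a list of (url, problem) for every check that fails."""
    failures = []
    for host in hosts_to_check(domain, registered_domain):
        for scheme in ("http", "https"):   # ports 80 and 443
            url = f"{scheme}://{host}{path}"
            status, body = fetch(url)
            if status != 200:
                failures.append((url, f"not served (status={status}, detail={body[:60]!r})"))
            elif body.strip() != expected.strip():
                failures.append((url, "content differs from the downloaded file"))
    return failures
```

An empty list from `preflight` means every host and port returned the expected file; a parked page or a catch-all redirect on the `www.` name shows up as a content mismatch.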