File-based authentication allows certificate authorities to validate domain ownership because it requires that you (the domain owner) add specified folders and upload a TXT file that contains a random string of characters to your domain’s file structure. If you’re able to make those kinds of modifications in your domain’s hosting panel, then it’s safe to say that you own the domain.

The Certificate Authorities will validate your order once their system is able to navigate to the URL path they provided to you and “ping” or detect the random string that they provided you.

Although this seemingly simple validation method goes very smoothly in most cases, we’ve seen common issues delay validation for some of our clients. If your file is not authenticating or you’re unsure how to add the needed folders, please review the below troubleshooting steps. From our experience, 95% of all issues with file based authentication can be solved by following the steps below.

How to check if your file is uploaded correctly

The Certificate Authority’s system must be able to load your order’s .txt file by following the URL or File Path provided to you to validate it.

For example, let’s say that you are trying to validate www.mydomain.com. The file path or URL that the certificate authority will try to view your file on would be:

www.mydomain.com/.well-known/pki-validation/[your file name].txt

Once they are able to view the contents of the provided .txt file, the order will get issued.

You can check this yourself by opening your preferred web browser and navigating to the URL that you uploaded the file to. In our example, it would be www.mydomain.com/.well-known/pki-validation/[your file name].txt, if you navigate there and see a page that only contains the contents of the file, then your order should validate without issue.

If you see anything other than the contents of the file, then something is wrong and you should follow the steps in this article to resolve the issue.

Troubleshooting Steps:

  1. If you are able to load the contents of your file, but your order is not validating, check to make sure that all letters in your file path are lower case. If any upper case characters are present, the order will not validate.

  2. If you’re finding issues with your operating system not allowing the “.well-known” portion of the file-path, enter the file name as “.well-known.” Including that extra period after the “.well-known” should allow the file-path to be accepted.

  3. Your file-path must reflect the Common Name on the CSR, or Certificate Signing Request. This means that if your certificate is being issued for domain.com, your file-path cannot be for www.domain.com. You must include the Common Name exactly as it appears on your order.

  4. If you try to navigate to your file contents and instead you get re-directed to another page, this will block validation from taking place. Make sure there are no re-directs in place on your domain. This includes any login prompts or pages that require any security measures to access them.

  5. If your website has an expired SSL certificate on it or you see any other browser warnings when trying to access your file, you must remove the old certificate and clear the browser warning before this can be issued. Once the Certificate Authority’s system detects an error it will stop the validation process.

  6. Sometimes, the C.A. keep a difference between http-based and https-based file check.
    If you have yet an active SSL certificate on your site, keep attention during the first step and ask the right kind of authentication.

These are the most common issues related to file based authentication.

If you have completed these steps and are still experiencing issues, please contact our support team.


Found this article interesting?
Subscribe to DomainRegister´s newsletter!

You can unsubscribe at any time by simply clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp s privacy practices here.

  • SSL, DV SSL
  • 5 Utenti hanno trovato utile questa risposta
Hai trovato utile questa risposta?

Articoli Correlati

 What is the difference between SHA-1 and SHA-2 ?

SHA stands for Signature Hashing Algorithm;  It's a mathematical hash that proves the...

 What is an intermediate certificate and how to get it?

An intermediate certificate is a file needed by the web browser to identify the C.A. who issued...

 How can I install my SSL certificate on more than one server?

Many SSL certificate licences allow to install the same certificate on an unlimited number of...

 How To Fix The Warning : "Site Contains Secure & Non-Secure Items"

A SSL certificate provides cover for all your website files and folders, which are included in...

 I have accidentally deleted my "private key": what can I do now?

First check your backups and see if you can re-install the "private key". If you don't know how...