When you submit a certificate application, you must select a domain name verification method so that the certification authority (CA) can verify your ownership or management rights over the domain name bound to the certificate.
Overview of verification methods
Alibaba Cloud provides four domain name verification methods for different scenarios. Use the following table to choose the method that best fits your situation:
|
Method |
Applicable certificate types |
Estimated issuance time |
Typical scenario |
|
Automatic DNS verification (Recommended) |
DV certificates |
1–2 business days |
The domain name is registered, DNS is managed, and the certificate is purchased under the same Alibaba Cloud account |
|
Manual DNS verification |
DV certificates (single domain or wildcard domain) |
1–2 business days |
The DNS service is not under the same Alibaba Cloud account as the certificate applicant, but you have permission to manage the domain name |
|
File verification |
DV certificates (single domain only) |
1–2 business days |
You have server management permissions, can write files to the web root directory, and the server has port 80 and port 443 open |
|
Email verification |
OV or EV certificates |
3–7 business days |
Apply for an OV or EV certificate; the CA confirms application information via email or phone |
Certificate issuance speed depends on how quickly domain authorization verification is completed. If your domain name contains sensitive words (such as bank, pay, or live), it may trigger a manual review process, which extends the review time. Please wait patiently.
Automatic DNS verification
Automatic DNS verification is the recommended method. When conditions are met, Alibaba Cloud automatically adds a DNS record for the corresponding domain name in the Alibaba Cloud DNS console to complete verification. No manual operation is required — you only need to wait for the certificate to be issued.
All of the following conditions must be met:
-
You have purchased a DV certificate.
-
The domain name bound to the certificate was applied for on Alibaba Cloud.
-
The domain name uses the Alibaba Cloud DNS service.
-
The Alibaba Cloud DNS service and the certificate applicant are under the same Alibaba Cloud account.
If all information is correctly entered, the CA completes the review and issuance within 1–2 business days.
For more information, see Domain ownership verification.
Manual DNS verification
When the following conditions are met, you must manually add a DNS record with your DNS provider to verify domain name ownership.
All of the following conditions must be met:
-
You have purchased a DV certificate, and the domain name type is single domain or wildcard domain.
-
You have permission to modify the DNS resolution settings for the domain name (that is, you have domain name management permissions).
-
The DNS service and the certificate applicant are not under the same Alibaba Cloud account.
For the specific steps, see Domain ownership verification.
-
If all information is correctly entered, the CA completes the review and issuance within 1–2 business days.
-
If a DV certificate is not issued for an extended period, check whether the DNS record is configured correctly.
File verification
When the following conditions are met, you must download a dedicated verification file from the Certificate Management Service console and upload it to the specified verification directory on your web server.
All of the following conditions must be met:
-
You have purchased a DV certificate, and the domain name type is single domain.
-
You have permission to write content to the web root directory of the server where the website is hosted (that is, you have server management permissions).
-
The web server must have port 80 and port 443 open.
-
If you are applying for a certificate from an international brand (such as DigiCert or GlobalSign), ensure that the domain name server can be accessed from outside the Chinese mainland. We recommend that you temporarily add the CA center's IP addresses to the allowlist in your domain name server to ensure the CA can reach it and complete domain name ownership verification. For information about how to obtain the CA center's IP addresses, . You can also contact a product technical expert for assistance. For more information, see One-on-one Expert Service.
-
If the domain name is a root domain (for example,
aliyundoc.com), ensure that the second-level domain starting withwww.is also accessible, and vice versa.
For the specific steps, see Domain ownership verification.
-
If all information is correctly entered, the CA completes the review and issuance within 1–2 business days.
-
If a DV certificate is not issued for an extended period, check whether the verification file is configured correctly.
Email verification
This method applies only when you have purchased an OV or EV certificate.
After you submit an OV or EV certificate application, the CA typically sends a preliminary review email to the email address provided in the application, or contacts you by phone, within 1 business day (the exact timing depends on the CA's local time and may be extended during public holidays). Promptly answer calls from the CA and check for emails from the CA.
If all information is correctly entered and you actively cooperate with the CA verification process, the CA completes the review and issuance within 3–7 business days.