Changes in Domain Control Validation procedure

Changes to domain validation have been announced by the CA/Browser forum, For Sectigo certifcates effective from November 15 this year. These changes are only relevant if you use file validation as the validation method for certificate requests, it will no longer be allowed to use file validation as validation method for wildcard certificates. In addition, with non-wildcard certificates you will have to validate each domain separately with a file on that specific subdomain.

This article answers the Frequently Asked Questions, more information you can find in this news article.

What kinds of certificates does this change apply to? 

The new rules apply to all public SSL certificates, be they DV, OV, or EV. 

When does this take effect? 

The CA/Browser Forum has set a deadline for implementation of December 1, 2021.  Sectigo will implement this change of policy on November 15, 2021, to ensure compliance by the target date. 

Should I renew all my certificates now to avoid this new process? 

There is no reason to pre-emptively renew certificates. If you are using wildcard or multidomain certificates and have used file-based validation in the past, you may need to use a different technique such as DNS CNAME record.

Are my existing certificates impacted? 

Active certificates issued prior to the deadline are not impacted in any way, regardless of the DCV method used.

What happens with Single domain certificates after November 15?

Sectigo single domain certificates come standard with a free extra domain: if you request these for or, for example,, you get or for free. Starting November 15th it will be necessary to validate both domains separately. In some cases, for example with, adding an extra domain will not be necessary and will only result in extra work. We will adjust our ordering process to this, so that it becomes possible to add or remove the free extra domain on single domain certificates. Note: We will add a checkbox to the Control Panel to add or remove the free extra domain, through the API the extra domain will be added as standard, unless you disable it. A function for this will be added to our API in early October.


Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues

point up