Domain validation for TLS certificates

When you purchase our Shared Certificate or Shared Wildcard Certificate TLS options, our partner Certificate Authority (GlobalSign) must verify you control the domains requested and that you authorize us to request a certificate service on your behalf. You can choose:

Regardless of the verification method you use, be sure to follow our instructions to begin the TLS ordering process.

DNS text record verification

We provide you with a unique DNS TXT record that you need to add for the zone origin ("@"). The text of this entry will change depending on the certificate to which your domain is added, but will generally look something like this (where the {meta tag} will change depending on the certificate):

@ IN TXT "globalsign-domain-verification={meta tag}"

Consult the documentation for your DNS server or hosted DNS provider for more information about how to add the record. This text record must be wholly separate from other text records. A prepended, inserted, or appended record will not work.

URL verification

We provide you with an HTML meta tag that must be included in the <head> section of the web page served at the root of the domain to be added. The meta tag will be formatted similar to the following (where the {meta tag} text will change depending on the certificate):

<meta name="globalsign-domain-verification" content="{meta tag}" />

Note that this text must be served from the actual requested domain or root domain. For example, GlobalSign will specifically query http://www.example.com, so the verification tag must be served from whatever resource is returned from that URL. GlobalSign will not follow redirects or request a file on that domain (such as http://www.example.com/verify.html or http://www.example.com/index.html). It will also work on http://example.com.

Email verification

GlobalSign will give Fastly a list of acceptable email addresses to which they can send a validation email. Generally these email addresses match those that appear on the WHOIS record of the domain requested, plus the following:

For entries requested for a subdomain, each of those addresses @subdomain.domain.com will also work (e.g., admin@subdomain.domain.com).

We will send you the list of acceptable email address. You will need to tell us which email address to use. GlobalSign will then send a verification email to the email address you specify. Once you receive the verification email, you will need to click on a link in that email and follow the instructions to complete the validation.

Back to Top