Why should I verify domain control?
The CA must confirm that the applicant has control over the domain name, otherwise anyone can apply for an SSL certificate for a domain name that does not belong to them.
What are the ways to verify domain name control?
There are three types, namely email verification, file verification and DNS verification.
- DNS Validation
- Document Verification
- Email Verification
1. DNS Verification
Add a specified DNS record as required. The record type is CNAME
an example. The domain name for applying for the certificate is sslsky.com.
Log in to the User Center-SSL Certificate Management, find the certificate order, and see that the DNS record to be added is:
Taking the domain name registered with Alibaba Cloud as an example, you need to log in to the domain name resolution control panel and add the following record. 
CA will periodically check the record. After adding the record, verification will usually be completed within 1 hour.
2. Document Verification
Upload the specified verification file to the directory specified by the website as required.
If you choose file verification, please log in to the User Center-SSL Certificate Management, find the certificate order, copy the verification content, and upload it to the server. For
example:
Verification URL: https://aabb.com/.well-known/pki-validation/201F4EFF6DFFA6F7CC22775AC0163C7C.txtFile name: 201F4EFF6DFFA6F7CC22775AC0163C7C.txt
Please upload the file to the pki-validation directory under the .well-known directory under the website directory of the domain name.
If there is no such directory on the website, you need to create such a directory structure, then put the verification file in it, and confirm that the file can be opened through the verification URL above.
Tip : .well-known is a directory name that starts with a period. The Windows operating system can create this directory through the command mkdir .well-known
3. Email Verification
The following email addresses can be used as domain name verification email addresses:
Whois email:admin@abc.comadministrator@abc.comhostmaster@abc.comwebmaster@abc.compostmaster@abc.com
WHOIS email address is the domain name contact email address, which is usually the domain name contact email address filled in when registering a domain name. If the registrar or domain name owner hides this email address, the CA will not be able to query the contact email address of the domain name.
The premise for the use of the other email addresses is that the domain name has opened a corporate email address.
Except for the above email addresses, other email addresses cannot be used to verify the control of the domain name.
If the above email addresses cannot be used, other verification methods can be used.
