Domain Control Validation (DCV) using file-based validation policy change

The CA Browser (CA/B) Forum recently passed ballot SC45 regarding the use of file-based domain validation, also known as file auth, http token, http auth, or CA/B Forum Baseline Requirements methods 18 ( and 19 (

This ballot disallows file-based domain validation for wildcard certificates and requires, when file-based DCV is employed, that it must take place for each individual SAN/fully qualified domain name (FQDN). Sectigo will implement this policy change beginning November 22, 2021. Use of the file-based DCV method will be affected in the following ways: 

  • File based DCV will be disallowed for the validation of domains in wildcard certificates.
  • In non-wildcard certificates, domain validation will be required for every FQDN/SAN individually
  • These policy changes affect all public TLS/SSL certificates.

note: This change does not apply to Email-and DNS-based validation, which still are available for wildcard certificates and can be performed at the base domain level or another shared superior domain to validate subdomains and wildcard domains.

See the following knowledgebase articles for further information:
Validation Policy Change FAQ
Domain Control Validation (DCV) Methods
Alternative Methods of Domain Control Validation (DCV)