File-based authentication allows certificate authorities to validate domain ownership because it requires that you (the domain owner) add specified folders and upload a TXT file that contains a random string of characters to your domain’s file structure. If you’re able to make those kinds of modifications in your domain’s hosting panel, then it’s safe to say that you own the domain.
The Certificate Authorities will validate your order once their system is able to navigate to the URL path they provided to you and “ping” or detect the random string that they provided you.
Although this seemingly simple validation method goes very smoothly in most cases, we’ve seen common issues delay validation for some of our clients. If your file is not authenticating or you’re unsure how to add the needed folders, please review the below troubleshooting steps. From our experience, 95% of all issues with file based authentication can be solved by following the steps below.
How to check if your file is uploaded correctly
The Certificate Authority’s system must be able to load your order’s .txt file by following the URL or File Path provided to you to validate it.
For example, let’s say that you are trying to validate www.mydomain.com. The file path or URL that the certificate authority will try to view your file on would be:
www.mydomain.com/.well-known/pki-validation/[your file name].txt
Once they are able to view the contents of the provided .txt file, the order will get issued.
You can check this yourself by opening your preferred web browser and navigating to the URL that you uploaded the file to. In our example, it would be www.mydomain.com/.well-known/pki-validation/[your file name].txt, if you navigate there and see a page that only contains the contents of the file, then your order should validate without issue.
If you see anything other than the contents of the file, then something is wrong and you should follow the steps in this article to resolve the issue.
Troubleshooting Steps:
- If you are able to load the contents of your file, but your order is not validating, check to make sure that all letters in your file path are lower case. If any upper case characters are present, the order will not validate.
- If you’re finding issues with your operating system not allowing the “.well-known” portion of the file-path, enter the file name as “.well-known.” Including that extra period after the “.well-known” should allow the file-path to be accepted.
- Your file-path must reflect the Common Name on the CSR, or Certificate Signing Request. This means that if your certificate is being issued for domain.com, your file-path cannot be for www.domain.com. You must include the Common Name exactly as it appears on your order.
- If you try to navigate to your file contents and instead you get re-directed to another page, this will block validation from taking place. Make sure there are no re-directs in place on your domain. This includes any login prompts or pages that require any security measures to access them.
- If your website has an expired SSL certificate on it or you see any other browser warnings when trying to access your file, you must remove the old certificate and clear the browser warning before this can be issued. Once the Certificate Authority’s system detects an error it will stop the validation process.
- Sometimes, the C.A. keep a difference between http-based and https-based file check.
If you have yet an active SSL certificate on your site, keep attention during the first step and ask the right kind of authentication.
These are the most common issues related to file based authentication.
If you have completed these steps and are still experiencing issues, please contact our support team.