Before an SSL/TLS certificate can be issued, domain control validation (DCV) must be completed. This proves to the issuing Certificate Authority (CA) that the individual applying for the SSL/TLS certificate has control over the domain they are securing.
Approver email DCV
The most popular DCV method is the approver email. The approver email is sent to an email address associated with the domain being validated, and simply contains a code to be pasted into a URL. The simplicity of this DCV method is likely why it is so commonly used.
The approver email can only be sent to one of the five generic domain aliases or an email address listed on the domain registrar’s WHOIS record.
The domain registration details show who owns the domain and the email addresses associated with the domain owner, among other details. This information is entered at the time the domain is registered and can be updated at any time through the domain registrar. It is these listed email address/es which the approver email can be sent to in order to complete DCV and have the SSL/TLS certificate issued.
Checking the domain’s details
To check the domain registration details for a valid email address to send the approver email to, a WHOIS search is done for the domain. This is a database query to the domain registrar to find out “who is” the owner of the domain. The query will return the aforementioned information such as the name of the domain registrar, domain owner, and contact email address/es.
If your preferred email address is not listed in the domain registration details, or are not publicly available, you will need to update them by logging into your domain hosting account or contacting your domain registrar so that they can update the details for you, ensuring they are publicly viewable.
There are some domain registrars that require you to perform the WHOIS search directly through their website in order to gain all of the relevant details. This includes hosting companies like GoDaddy, which will provide a URL link to the WHOIS results that can be used to check the registration details on their website.
In addition to checking the registrar, you can also use one of the below top-level domain (TLD) specific databases to perform the WHOIS search:
ICANN – most generic .com domains can be searched for their registration details using ICANNs WHOIS function below:
Why the domain details are sometimes not available
In some cases, the information is not made publicly available and so the information provided by a WHOIS search will not show an email address to send the approver email to. Some of the reasons why this can occur have been outlined below.
All domain registrars have a privacy settings that can be enabled and disabled at whim. This is used to hide the contact details you have entered into your domain’s registration details for privacy purposes. In some cases, an email address mask will display in place of the contact email address, which is normally a string of alpha-numeric characters followed by a privacy domain (for example email@example.com). This email address can be used as an option for receiving the automated approver email however you would first need to contact your domain registrar to confirm if emails sent to this address are forwarded to an active email address. Alternatively, you can disable the privacy setting so that the desired contact email address is displayed. Once the DCV has been completed, the privacy settings can be enabled again.
Since the implementation of the General Data Protection Regulation (GDPR) laws across European Union member nations, companies needed to rethink their approach to the handling and retention of customer information. As a result, some of the domain registrars permanently disabled public access to registered domain details, marking them as “GDPR REDACTED” or “REDACTED FOR PRIVACY”. This means that although you may have contact details listed for the domain which you can see from your account, they will not display when conducting a WHOIS search and so, unfortunately, cannot be used to receive the approver email. In this case, the only option is to use one of the five generic domain aliases unless the registrar will set the information to public upon request.
There are some countries which have their own regulations preventing the domain registration details from being viewed using WHOIS searches.
Known countries are listed below:
The UK government does not allow domain registration details to be made publicly available. Just like with GDPR retacted domain details, this means that although you may have contact details listed for the domain which you can see from your account, it will not be found when conducting a WHOIS search and hence unfortunately cannot be used as an option for receiving the automated approver email. The only option is to use one of the five generic domain aliases unless the registrar will set the information to public upon request.
The Australian government has a similar restriction regarding domain registration details. They are not able to be accessed by WHOIS searches and instead require manual searches from whois.auda.org.au/
As long as the preferred email address can be found here, your order can be manually updated to include this address as an option for receiving the approver email.
While the approver email is the most commonly used DCV method, other methods are available which you can read about at the below link:
How Useful Was This Post?
Let Us Know How We Are Doing - Click A Star To Rate This Post
Average Vote Rating / 5. Vote Count :
Tech/Customer Support agent and Blog Manager at Trustico® Online Limited.
Griffith University graduate with a Bachelor of Arts majoring in Politics & Foreign Relations and Journalism.