How can I select a different SSL certificate domain validation email?
Table of Contents
To issue an SSL certificate, the Certificate Authority has to validate that the issue request is legitimate and comes from an authorized owner of the domain. This process is called domain validation.
Email-based domain validation is the most common certificate validation mechanism for domain-validated certificate orders.
This article explains how to use a different email for validating your SSL certificate order if your email is not visible in the list generated by the Certificate Authority.
If you aren’t familiar with the email validation process, read the email validation article before proceeding to the next section.
Which email can I use?
The approval email cannot be an arbitrary email like a customer-provided email or the email in your DNSimple account.
Remember: the validation process ensures the certificate is requested by someone with admin rights on the domain. The email must publicly and unequivocally identify the customer as the owner or administrator of the domain listed in the certificate.
The approval email can typically be sent to the following addresses:
- A generic administrative email, like
admin@example.com
orwebmaster@example.com
(see email requirements for domain validation for the full list). - The email address listed in the public WHOIS record for the domain.
There are no other alternatives. You can’t use your account email or any other email unless it’s visible in the public WHOIS record for the domain.
Select a different validation email address
Before proceeding, read the email requirements for domain validation to understand the goal of the certificate validation and how it works. It’s important to remember that, as described above in this article, the list of authoritative emails is generated by the Certificate Authority based on the email addresses publicly associated with the domain attached to the certificate.
If you want to submit your certificate to the Certificate Authority for approval, but none of the provided email addresses are working, you must temporarily configure one of the email addresses in the list (either as a full mailbox or as an alias/forward to an existing mailbox). If the domain doesn’t have any email service associated, and you manage the DNS with us, you can use our email forwarding service to quickly create an email for admin@example.com
and forward it to a personal or private email.
Email validation and GDPR
Due to the new privacy rules enacted by GDPR on May 25th 2018, most registrars are now hiding or masking email addresses in the WHOIS records. This prevents the Certificate Authority from being able to verify you are in control of the domain to issue your certificate.
As a result, you can no longer use a custom email address listed in the WHOIS to validate a certificate if the registrar/registry doesn’t disclose the contact information.