Domain Validation (DV)
RFC 8555 outlines the steps to obtain a Domain Validation (DV) certificate like so:
1) Generate a PKCS#10 [RFC2986] Certificate Signing Request (CSR).
2) Cut and paste the CSR into a CA’s web page.
3) Prove ownership of the domain(s) in the CSR by one of the following methods:
- Put a CA-provided challenge at a specific place on the web server.
- Put a CA-provided challenge in a DNS record corresponding to the target domain.
- Receive a CA-provided challenge at (hopefully) an administrator-controlled email address corresponding to the domain, and then respond to it on the CA’s web page.
4) Download the issued certificate and install it on the user’s Web Server.