Do I need to repeat domain validation (DV) for subdomains?

So, you’ve gotten an SSL/TLS certificate and validated your base domain, but now you need certificates to cover additional subdomains. Can you re-use your previous validation, or do you need to repeat the process? The answer depends on the DV method that you initially used:

  • With the Email Challenge Response method, validation of a domain name is scoped to the team, rather than the order, and domains successfully validated by email automatically extend the validation “coverage” to all levels of subdomains to the left of the validated domain. This means that:
    • If you have validated example.com via email, you do not need to go through domain validation for a new CSR for info.example.com (or any other subdomain of example.com) unless the original validation has expired. (Note: DV is valid for 820 days between validations.)
    • If you are adding info.example.com to the CSR of a previously-issued certificate covering example.com (for example, when reprocessing a multi-domain certificate), and you used email validation, you do not need to go through domain validation for info.example.com unless the original validation has expired.
    • However, in both of the above cases, if your initial validation was for info.example.com, you do need to go through domain validation for example.com or www.example.com (but not for www.info.example.com).
  • With the DNS CNAME or File Lookup methods, validation is strictly scoped to the CSR. In this case:
    • If you have previously validated example.com via one of these methods, you do need to go through domain validation again for a new CSR for info.example.com (or any other subdomain of example.com).
    • However, if you are adding info.example.com to the existing CSR of a previously-issued certificate covering example.com, and you used CNAME or File Lookup validation, you do not need to revalidate for info.example.com.

Questions? Contact us my email at Support@SSL.com, by phone at 1-877-SSL-SECURE, or just use the chat link at the bottom right of this page. Thank you for choosing SSL.com!