Skip to main content

ACME Validation Methods Explained

Written by Garrett Saundry

Overview

Before a certificate can be issued, the Certificate Authority must verify your control of the domain name being secured.

This process is known as validation.

HTTP-01 Validation

HTTP-01 uses a temporary validation file that is served from your website.

Advantages

  • Widely supported

  • Straightforward for many web servers

Limitations

  • Requires web server access

  • Does not support wildcard certificates

DNS-01 Validation

DNS-01 uses DNS TXT records to prove control of a domain.

Advantages

  • Supports wildcard certificates

  • Supports fully automated deployments

  • Does not require web server access

Limitations

  • Requires DNS access

  • May require DNS automation capabilities

Validation Method Comparison

Feature

HTTP-01

DNS-01

Wildcard Support

No

Yes

Requires Web Access

Yes

No

Requires DNS Access

No

Yes

Automation Support

Yes

Yes

Recommended Method

Limited Cases

Most Deployments

Recommendation

For most customers, DNS-01 validation is the recommended approach because it offers the greatest flexibility and supports fully automated certificate management.

Did this answer your question?