DV Domain Validation Certificate

The simplest and fastest SSL certificate to obtain for securing your site.

Domain Validation (DV) certificates are the most common and accessible type of SSL certificate. They only verify that you control the domain for which you're requesting the certificate, without validating the identity of the organization behind the site.

Thanks to Let's Encrypt and other certificate authorities, DV certificates are available for free and can be issued in minutes. They offer the same level of encryption as more expensive certificates.

MoniTao monitors your DV certificates and alerts you before they expire, particularly important for Let's Encrypt certificates that expire every 90 days.

What is a DV Certificate?

Characteristics of Domain Validation certificates:

  • Automatic validation: validation is done by email, DNS, or HTTP file, without human intervention. Results in minutes.
  • Free or low cost: Let's Encrypt, ZeroSSL, and others offer free DV certificates. Paid versions rarely exceed $50/year.
  • Full encryption: the encryption level (256-bit AES, RSA 2048+ key) is identical to OV and EV certificates.
  • Variable duration: Let's Encrypt issues 90-day certificates, commercial CAs up to 1 year.

Use Cases

DV certificates are ideal for:

  • Blogs and personal sites: perfect for securing a blog, portfolio, or showcase site without financial transactions.
  • Development sites: staging and development environments that need HTTPS but not organization validation.
  • Small businesses: SMB showcase sites where cost is a factor and organization validation is not required.
  • Internal APIs: internal services that require HTTPS for security but not public validation.

How to Get a DV Certificate

The steps to get your certificate:

  1. Choose a CA: Let's Encrypt (free), ZeroSSL, Comodo, DigiCert, etc. Let's Encrypt is most popular for free certificates.
  2. Validate the domain: by email ([email protected]), by DNS (adding a TXT record), or by HTTP (file at site root).
  3. Generate the certificate: the CA generates the certificate after successful validation. With Certbot, it's automatic.
  4. Install the certificate: configure your web server (Nginx, Apache) to use the certificate and private key.

Get a DV Certificate with Certbot

The simplest method with Let's Encrypt:

# Install Certbot
sudo apt install certbot python3-certbot-nginx

# Obtain and auto-install (Nginx)
sudo certbot --nginx -d mydomain.com -d www.mydomain.com

# Automatic renewal (already configured)
sudo certbot renew --dry-run

# Verify installed certificate
openssl s_client -connect mydomain.com:443 2>/dev/null | openssl x509 -text -noout | grep -A1 "Subject:"

Certbot fully automates obtaining and installing Let's Encrypt certificates, including automatic renewal.

Best Practices

Tips for DV certificates:

  • Automate renewal: Let's Encrypt certificates expire every 90 days. Set up automatic renewal with Certbot.
  • Monitor expiration: even with auto-renewal, monitor your certificates with MoniTao to detect renewal failures.
  • Use HTTPS everywhere: redirect all HTTP traffic to HTTPS and enable HSTS for maximum security.
  • Upgrade to OV/EV if needed: if you handle financial transactions or sensitive data, consider a certificate with organization validation.

DV Certificate Checklist

  • Domain correctly pointed
  • Validation successful (email/DNS/HTTP)
  • Certificate installed on server
  • HTTP to HTTPS redirect active
  • Automatic renewal configured
  • Expiration monitoring active

Frequently Asked Questions

Is a DV certificate secure?

Yes, the encryption is identical to OV/EV certificates. The difference is only in the level of identity validation.

Why does Let's Encrypt limit to 90 days?

To encourage automation and limit the impact of potential key compromise. Automatic renewal makes this duration transparent.

Does Google penalize DV certificates?

No, Google makes no distinction between DV, OV, and EV for SEO. Only having HTTPS matters.

Can I use a DV certificate for e-commerce?

Technically yes, but an OV or EV certificate may inspire more customer trust for financial transactions.

How do I know if a site uses a DV certificate?

Click the browser padlock and check certificate details. A DV won't have an Organization (O) field.

Does MoniTao monitor Let's Encrypt certificates?

Yes, MoniTao monitors all your SSL certificates and alerts you before expiration, regardless of the certificate authority.

Simple, Free, and Effective

DV certificates offer excellent value (often free) for securing your site. They are perfect for blogs, showcase sites, and personal projects.

With MoniTao, monitor your DV certificates and be alerted before expiration to avoid SSL errors that drive away visitors.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing