File-Based Authentication for SSL Certificates

The Trustico® validation system will provide you with a unique verification file containing specific content after you place your order.

You'll need to upload this file to your web server in a specific location :

/.well-known/pki-validation/

This directory path is an industry standard location for domain validation files. Most web servers are configured to serve files from this location by default, making it an ideal place for domain validation files.

Implementation Steps

First, create the required directory structure on your web server using :

mkdir -p /var/www/your-domain/.well-known/pki-validation/

The -p flag ensures that all necessary parent directories are created if they don't already exist. This command will create the full directory path in a single step, saving you time and ensuring proper directory structure.

Next, create the verification file using the unique content provided in your order confirmation :

echo "TRUSTICO_PROVIDED_CONTENT" > /var/www/your-domain/.well-known/pki-validation/verification-file.txt

This command creates a new text file with your unique verification content. The content must match exactly what we provided in your order confirmation - even a single character difference will cause the validation to fail.

The greater than symbol (>) is used to write the content to a new file, overwriting any existing file with the same name.

Set the correct file permissions :

chmod 644 /var/www/your-domain/.well-known/pki-validation/verification-file.txt

The permission setting 644 ensures that the file is readable by everyone but only writable by the owner.

This is the recommended permission setting for web-accessible files as it allows the web server to read and serve the file while maintaining security.

Server Configuration

Some web servers require additional configuration to serve files from the /.well-known/ directory. If you're using Apache, add :

<Directory "/var/www/your-domain/.well-known">
    Allow from all
</Directory>

This Apache configuration ensures that your validation files are accessible to our validation system.

The Directory directive specifically allows access to the .well-known folder while maintaining your other security settings.

If you're using Nginx, add :

location /.well-known {
    allow all;
}

This Nginx configuration block explicitly permits access to the .well-known directory. It's important to add this to your server block configuration to ensure proper validation.

Troubleshooting

If you're experiencing issues with validation, here are some helpful commands to check your setup. First, verify your file permissions :

ls -la /var/www/your-domain/.well-known/pki-validation/

This command displays a detailed list of files in your validation directory, showing permissions, ownership, and file sizes.

Ensure the verification file has the correct permissions (644) and is owned by the appropriate user.

To check your web server logs for any access issues :

tail -f /var/log/apache2/error.log   # For Apache
tail -f /var/log/nginx/error.log    # For Nginx

These commands will show you real-time log entries as our system attempts to validate your domain.

This can be particularly helpful in identifying any permission or configuration issues that might prevent successful validation.

You can test file accessibility using :

curl -v http://your-domain/.well-known/pki-validation/verification-file.txt

The curl command will show you exactly what our validation system sees when attempting to access your verification file.

A successful response should show HTTP/1.1 200 OK and display the file contents.

Security Best Practices

After we've validated your domain and issued your SSL Certificate, we recommend removing the verification file :

rm /var/www/your-domain/.well-known/pki-validation/verification-file.txt

Removing the verification file after successful validation is a security best practice.

While the file contents are not sensitive, maintaining a clean server environment is always recommended.

Alternative Validation Methods

While file-based validation is one of a few recommended methods for domain validation, your Trustico® SSL Certificate can also be validated using DNS-based or e-mail validation methods. More Information 🔗