How Cerbot verifies the domain ownership?


I have setup nginx webserver with CentOS 8 stream. My question is how do, Certbot verifies the domain ownership?

Is it by uploading a file at the root directory of the domain or how?

How can I change the behavior, ie, the way Certbot verifies the domain ownership?

Which is the best method?


1 Like

Certbot does not verify ownership, the Certificate Authority (CA) does. By default, Certbot uses Let's Encrypt (LE) as the CA.

You can learn more about how LE works here: How It Works - Let's Encrypt and the different challenge types here: Challenge Types - Let's Encrypt

Next, you can read about how to use Certbot here: User Guide — Certbot 1.30.0 documentation


@Osiris I see, CA is not creating a file in my root directory. Also, I haven't added anything to DNS. Then, which method, CA is using to verify domain authorship?


1 Like

Well, the CA does give the ACME client (Certbot in your case) the instruction to put a file in a certain place under the root directory and the client would have the task to do so.


This explains the ways one can prove control:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.