Support >
  About cybersecurity >
  How long does it take to issue a DV certificate after application?

How long does it take to issue a DV certificate after application?

Time : 2026-07-13 16:51:26
Edit : DNS.COM

  The most frequent question from users applying for DV certificates (Domain Validated Certificates) is: "I've submitted my application, how long will it take?" Many official documents will tell you "10 minutes to 1 day," a very wide and flexible range. Ultimately, there's no fixed answer to the issuance time of a DV certificate; it mainly depends on: the verification method you choose, whether the domain itself is "clean," and whether it meets the system's detection schedule of the Certificate Authority (CA).

  Why are DV certificates "fast"? Because they eliminate the most time-consuming step.

  To understand the issuance time, you first need to understand the difference between DV certificates and OV (Organization Validated) and EV (Enhanced Validation) certificates. OV/EV certificates require manual verification of the company's business license, corporate bank account, legal compliance records, etc., with a review period typically of 1-5 business days.

  DV certificates, on the other hand, only do one thing: confirm your control over the domain. The entire verification process is automated, without human intervention, thus reducing the time from "days" to "minutes."

  Complete Timeline: DV Certificate Issuance Process Breakdown

  Step 1: Application Submission (2-5 minutes)

  This step is simple. Select a CA (Certificate Authority), fill in the domain name to be protected (e.g., example.com), leave the email address to receive the certificate, and submit. No business license or other corporate qualifications are required; individuals and companies can apply.

  Step 2: Domain Ownership Verification (5-30 minutes, or even longer)

  This is the most crucial step determining the issuance speed. Different verification methods result in significantly different times:

  Method 1: DNS Verification (Recommended)

  Add a specified CNAME or TXT record with your domain name resolution service provider. If the domain name resolution service provider and the CA are the same entity (e.g., applying for a certificate from Baidu Cloud, and the domain is also on Baidu Cloud), the system will automatically add the record, and verification and issuance can be completed in 5-10 minutes.

  If the domain is with a third-party registrar, you need to manually add the DNS record. The effective time of the DNS record depends on the TTL (Time to Live) setting, and it usually takes about 10 minutes for it to be detected by the CA's server.

  Method 2: HTTP File Verification

  Create a folder named `.well-known/pki-validation` in your website's root directory, upload the verification text file provided by the CA, and ensure it's accessible via `http://yourdomain/.well-known/xxx.txt`. This method is relatively faster; as long as the server is properly configured and accessible from the internet, issuance within 10-15 minutes after successful verification is common. However, if the server has IP access restrictions or blocks foreign IPs, the CA cannot access the verification file, and verification will fail.

  Method 3: Email Verification

  Send a verification link to the email address used to register your domain. Click to confirm. This is simple, but email reception may be delayed, making it relatively slower.

  Step 3: Security Review and Issuance (1-15 minutes, or indefinitely)

  After successful verification, you might think you'll immediately receive the certificate? Not quite. The CA's system will conduct an automatic security review of your domain.

  Under normal circumstances: If the domain name does not contain sensitive words, is not on a blacklist, and passes the CA's verification, the certificate will be issued in about 20 minutes, and in many cases even faster—official data shows that the average issuance time is 1-15 minutes. GlobalSign even mentioned a record of only 8 seconds.

  Situations triggering review: If your domain name contains risky words defined by the CA, such as "bank," "pay," "wallet," "live," or well-known brand names such as "google," "apple," or "microsoft," even just a part of them, it may trigger the security review mechanism.

  Once manual review is triggered, the signing time changes from "minutes" to "days." If it still cannot pass the automatic review during the waiting period, it may take up to 1-3 business days for issuance.

  "Verification passed" does not equal "immediate issuance": The truth about the CA polling mechanism

  Many users encounter a situation where the verification tool shows "passed," but after waiting for a long time, the certificate is still "pending issuance." This is not because you have made a mistake, but because you have encountered the CA system's polling mechanism.

  Simply put, the CA system does not capture the verification status in real time. It checks verified domains in batches according to its own cycle (which could be every 15 minutes or every hour) before conducting a security review. If you happen to be in the correct batch, it can be issued in 10 minutes; if you miss the previous round, you have to wait for the next testing window.

  Key Time Points: If the verification configuration is correct, but the certificate hasn't been issued after 24 hours, it's almost certain that the security review failed. The official documentation clearly states that if a DV certificate hasn't been issued after 24 hours of verification, don't wait any longer; it won't yield any results.

  Why Does It Sometimes Take Several Hours or Even Longer?

  In summary, the core reasons for extended DV certificate issuance times fall into these categories:

  Slow DNS Resolution: After manually adding a DNS record, the TTL setting is too long or the DNS cache hasn't been refreshed, causing the CA to fail to detect the record.

  Incorrect File Verification Configuration: The verification file path is incorrect, the filename is misspelled, the .well-known directory permissions are problematic, or the server is blocking access from overseas IPs.

   Domain name contains sensitive words: Blocked by the CA's security review mechanism, requiring manual intervention.

  Non-technical reasons: OCSP (Online Certificate Status Protocol) query timeouts due to CA system maintenance, network fluctuations, etc.

  How to minimize issuance time? Practical suggestions:

  Prioritize DNS verification: One-click operation on the cloud platform, convenient and fast.

  Check domain spelling: Avoid domain names containing easily blocked sensitive words such as "bank" or "pay".

  Pre-set TTL (Time to Live): If you can control the DNS TTL in advance, lower it (e.g., 60 seconds) before adding verification records to speed up DNS activation.

  Patience after verification: If not issued within 20 minutes, it's within the normal range; if it exceeds 2 hours, check for verification configuration problems; if it exceeds 24 hours, give up decisively and consider changing the domain name or upgrading the OV/EV certificate.

DNS Anna
DNS Luna
DNS Amy
DNS NOC
Title
Email Address
Type
Information
Code
Submit