Whois Domain Control Validation Phased Out: What You Need to Know
Whois-based domain control validation (DCV) is being phased out due to security vulnerabilities and outdated data issues. By July 15, 2025, CAs will no longer support it. If you use this method to validate control of a domain for SSL purchases, you'll need to switch to a more secure method.
Key Points
Whois-based domain control validation will be phased out by July 15, 2025 (Source: [CAB Forum Link])
Alternative validation methods include email validation with pre-approved addresses, DNS TXT records and file-based validation.
This means a move to more secure and reliable domain validation.
Key Dates
January 15, 2025: HTTPS web-based whois lookups for domain contact information will stop.
July 15, 2025: New Whois-based domain validations will no longer be supported. To avoid disruptions, make sure your domains are validated with the new methods before this date.
Sectigo's Dates
Jan. 15, 2025: Sectigo will prohibit the use of WHOIS-based email validation for .nl top-level domains.
June 15, 2025: Sectigo will no longer support WHOIS-based email DCV and will invalidate any pre-existing DCV records.
DigiCert Dates
Jan. 8, 2025: DigiCert will stop supporting manual and HTTPS web-based WHOIS lookups for domain validations.
May 8, 2025: DigiCert will no longer accept automated WHOIS-based domain validations/IANA for new domain validations.
July 2025: DigiCert will no longer allow the reuse of existing WHOIS-based domain validations of any kind.
Why is Whois being phased out?
The WHOIS system was once a reliable source of domain contact information but has become outdated and full of security vulnerabilities. These weaknesses make whois-based validation less effective and more prone to abuse. Fraudsters can exploit these weaknesses to get certificates by pretending to be the domain owner, which is a big security risk.
Phasing out Whois-based domain control validation addresses these security issues and moves to more robust methods. By removing the Whois system, CAs want to improve the overall security and trust of domain validation.
Alternative Domain Control Validation Methods
As Whois-based domain control validation is being phased out, domain owners will need to switch to alternative validation methods:
Pre-approved validation email addresses: A simple option using email addresses like admin@yourdomain.com (Source: [CAB Forum Link])
DNS TXT Records: Add a random value provided by the CA to your domain's DNS records.
File-Based Validation: Host a file with a unique random value at a specific location on your website. (Note: Not available for wildcard domains)
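To plan the switch across many domains, the sketch below (an added example, not code from this article or from any CA) flags inventory entries that still rely on Whois-based DCV, attaches the cut-off date given above for the issuing CA, and lists which alternative methods apply to each name. The inventory format and field names are hypothetical, and the pre-approved local parts other than admin@ are taken from the CA/Browser Forum Baseline Requirements rather than from this page.

```python
from datetime import date

# Cut-off dates for Whois-based validation, as stated on this page.
WHOIS_CUTOFF = {
    "sectigo": date(2025, 6, 15),
    "digicert": date(2025, 5, 8),
}
DEFAULT_CUTOFF = date(2025, 7, 15)  # industry-wide date from the page

# Local parts a CA may use for pre-approved email validation (CA/Browser
# Forum Baseline Requirements); the page itself only names admin@.
PREAPPROVED = ("admin", "administrator", "webmaster", "hostmaster", "postmaster")


def alternatives(fqdn):
    """Return the non-Whois methods usable for this name."""
    wildcard = fqdn.startswith("*.")
    base = fqdn[2:] if wildcard else fqdn
    methods = {
        "email": [f"{lp}@{base}" for lp in PREAPPROVED],
        "dns_txt": base,  # domain whose DNS gets the CA's random value
    }
    if not wildcard:  # file-based validation is not available for wildcards
        methods["file"] = base
    return methods


def triage(inventory, today):
    """Flag entries whose current DCV method relies on Whois, most urgent first."""
    report = []
    for entry in inventory:
        if not entry["method"].lower().startswith("whois"):
            continue
        cutoff = WHOIS_CUTOFF.get(entry["ca"].lower(), DEFAULT_CUTOFF)
        report.append({
            "fqdn": entry["fqdn"],
            "cutoff": cutoff,
            "days_left": (cutoff - today).days,  # negative once the date has passed
            "alternatives": alternatives(entry["fqdn"]),
        })
    return sorted(report, key=lambda r: r["days_left"])


# Constructed sample inventory (hypothetical export format).
SAMPLE = [
    {"fqdn": "www.example.com", "ca": "Sectigo", "method": "whois-email"},
    {"fqdn": "*.example.org", "ca": "DigiCert", "method": "whois-email"},
    {"fqdn": "api.example.net", "ca": "Sectigo", "method": "dns-txt"},
]
```

Calling `triage(SAMPLE, date.today())` returns the Whois-dependent entries ordered by remaining days; the exact DNS record name and file location to use are supplied by the CA.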