  1. Make sure that you do not have CAA records in your DNS zone that forbid Sectigo from issuing certificates for the domain. If you do, domain validation will fail too. Having no CAA records is OK, as is having CAA records mentioning "sectigo.com" as approved.
  2. Go to Domains and press the (plus) button. Fill in the domain name (example.org) and the optional description. Select the types of certificates (SSL, client, CS) that should be enabled for this domain. For your main domain you would typically enable all of them, but for most additional domains you would only enable SSL certificates. If you have set up Departments and this domain should be delegated to the DRAOs of that department, expand the selection line and enable the domain for the right department and the appropriate types too.
  3. If you need wildcard certificates for the domain, use (plus) again and repeat exactly the same step for the domain name with "*." prepended to it (*.example.org in our example). (2021-11-23: This is our current understanding, based on the status badges shown following the recent update of the interface. We earlier believed, based on information given during the onboarding process, that this was needed to enable any certificates below the added domain. If you do not add this and have problems issuing non-wildcard certificates for names under the domain, please tell us.) If you do not do this step, you will only be able to issue certificates for the domain name itself (example.org) but not for names below it (such as www.example.org).
  4. Wait for a SUNET MRAO to approve your domain delegations. When this is done, the delegation status will be approved and you can proceed to the next step.
  5. Go to Domains and select the domain. Use the Validate button on the Domain Control Validation card to the right to initiate DCV. Select method:
    • Email means that you select one of the five allowed addresses for the domain, and then receive and handle an email sent to that address. For our example, it would be one of "admin@example.org", "administrator@example.org", "hostmaster@example.org", "postmaster@example.org" or "webmaster@example.org".
    • CNAME means that you will be instructed to put a CNAME record with a hash value name in your DNS zone, pointing to another hash value. The system will tell you the values. Please verify using an external resolver that the CNAME record is in place and externally visible.
    • Do not use HTTP/HTTPS. This method means that you will be instructed to put certain contents in a file with a certain name on the web server for your domain name. As of November 2021, this method is not enough to cover names below the validated name itself. See Sectigo notification about this.
  6. Follow the instructions for the method you selected. 
  7. When the validation is OK, you will see Validation Status as Validated in the Domain Control Validation card.
  8. You are now ready to use this domain and its subdomains for certificate requests.
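
The CAA rule from step 1, as an added example (not part of the original guide and not Sectigo's own tooling): it applies the RFC 8659 lookup to a constructed zone and reports whether "sectigo.com" may issue for a name. The zone data, the CA name otherca.example and the function names are assumptions; the CAA critical flag is not modelled.

```python
# Added example: CAA pre-check for step 1. ZONE is constructed sample data
# standing in for what a resolver would return; it is not a real zone.
SECTIGO = "sectigo.com"  # issuer domain name quoted in step 1

ZONE = {
    "example.org": [("issue", "sectigo.com"),
                    ("iodef", "mailto:hostmaster@example.org")],
    "lab.example.org": [("issue", "otherca.example")],        # hypothetical CA
    "example.net": [("issue", "sectigo.com"), ("issuewild", ";")],
}

def relevant_caa(name, zone):
    """RFC 8659: climb from the name towards the root; the first
    non-empty CAA RRset found is the only one that applies."""
    labels = name.rstrip(".").lower().split(".")
    if labels[0] == "*":          # a wildcard is looked up at its parent name
        labels = labels[1:]
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def issuer_of(value):
    """Issuer domain is the text before any ';' parameters; '' means no CA."""
    return value.split(";", 1)[0].strip().lower()

def ca_allowed(name, zone, ca=SECTIGO):
    rrset = relevant_caa(name, zone)
    issue = [issuer_of(v) for tag, v in rrset if tag.lower() == "issue"]
    wild = [issuer_of(v) for tag, v in rrset if tag.lower() == "issuewild"]
    # Wildcard requests use issuewild when present, otherwise fall back to issue.
    props = wild if name.startswith("*.") and wild else issue
    if not props:                 # no CAA at all, or only iodef etc.
        return True
    return ca in props

if __name__ == "__main__":
    for n in ("www.example.org", "*.example.org", "host.lab.example.org",
              "www.example.net", "*.example.net", "example.com"):
        print(f"{n:24} sectigo.com allowed: {ca_allowed(n, ZONE)}")
```

The lab.example.org case shows why checking only the zone apex is not enough: a CAA RRset on a subdomain replaces the parent's rather than adding to it.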