In response to changes in the CA/B Forum's 'Baseline Requirements' and Mozilla policy, Comodo has implemented revised Domain Control Verification methods and policies. Starting at 19th July Comodo activated new rules for HTTP/DNS validation.
Email based DCV will remain the same process. DCV emails will however 'time out' after 30 days.
HTTP(S) based validation will change the location of where the text file must be placed, and some of the content of the file.
DNS based validation will change the format of the CNAME record and where the record points to.
Click here for a full description of the new methods.
UPDATE: 7/24/17, After Comodo received many claims, they decided to pause new updates. All Wildcard SSL still have protection of base domain and all single domain SSL secures both with/without WWW.
7/21/17. We would like to inform you that all Comodo single-domain SSL certificates activated for www.example.com are issued without free SAN example.com for now. Please activate your single-domain SSL certificates for domain.com in order to have free WWW SAN.
Changes to all Comodo Wildcard/GGSSL wildcard certificates. Now, base domain not protected, only *.domain.com + www.domain.com. domain.com without WWW not protected
Changes were done by Comodo without any pre-notifcation to anyone, which is very bad for all SSL market. Please note all existing issued SSL certs would works as usual until reissue.