Yes, it would be easier to get a file, then to put one. The file could be as simple as a one line text file with a URL in it. The test would be to retrieve the file (using IPv6 and the appropriate protocol), cut-and-paste the contained URL into a browser and navigate. The URL would cause your certification record to be updated. A daily cron job could update the URL with a random code-of-the-day, to avoid cheating.
Would people (and HE) be comfortable logging in with HE certification credentials? Anonymous FTP could be used, if not, but what about SSH?