Filtering by: domain validation x clear
new

Upcoming Schedule Maintenance

Some DigiCert services will be down for a total of 20 minutes during scheduled maintenance on July 9, 2022, 22:00 – 24:00 MDT (July 10, 2022, 04:00 – 06:00 UTC).

Infrastructure-related maintenance downtime

The services listed below will be down for a total of 20 minutes while we perform our infrastructure-related maintenance. The downtime consists of two 10-minute windows, one at the start and one at the end of the infrastructure-related work:

  • Start: 22:00 – 22:10 MDT (UTC -6)
  • End: 23:30 – 23:40 MDT (UTC -6)*

*The plan is to end our maintenance at approximately 23:30 MDT (UTC –6). However, if issues occur, we will need to end this work early, which means the second downtime may happen earlier than planned.


Affected services

CertCentral® / Services API

  • Unable to access your CertCentral account.
  • Services API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

CertCentral Automation / API

  • Reschedule automation events around maintenance.
  • If automation events cannot be rescheduled, retry failed events after services are restored.

Discovery / API

  • Reschedule Discovery scans around maintenance.
  • If scans cannot be rescheduled, retry failed scans after services are restored.

Direct Cert Portal / API

  • Unable to access your Direct Cert Portal account
  • Direct Cert Portal API will be unable to process requests.
  • APIs will return a "503 Service is unavailable" error.
  • Resubmit failed requests after services are restored.

QuoVadis® TrustLink® certificate issuance

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be queued and processed after services are restored

PKI Platform 8 new domain and organization validation

  • New domains submitted for validation during this time will be delayed.
  • New organizations submitted for validation during this time will be delayed.
  • Requests will be queued and processed after services are restored.


What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

Update: There is no planned downtime during maintenance on May 7, MDT (May 8, UTC).

DigiCert will perform scheduled maintenance on May 7, 2022, between 22:00 – 24:00 MDT (May 8, 2022, between 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • See the DigiCert 2022 maintenance schedule for maintenance dates and times.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on April 2, 2022, between 22:00 – 24:00 MDT (April 3, 2022, between 04:00 – 06:00 UTC). During this time, some services may be down for up to two hours.

Note: Maintenance will be one hour earlier for those who don't observe daylight savings.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MDT (04:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral® TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral® SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis® TrustLink® certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored
  • Access to User Authorization Agent (UAA) services will be disabled: both the UAA Admin and User web portals

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

new

Upcoming Schedule Maintenance

DigiCert will perform scheduled maintenance on March 5, 2022, between 22:00 – 24:00 MST (March 6, 2022, between 05:00 – 07:00 UTC). During this time, some services may be down for up to two hours.

Infrastructure-related maintenance downtime

We will start this infrastructure-related maintenance at 22:00 MST (05:00 UTC). Then the services listed below may be down for up to two hours.

CertCentral™ TLS certificate issuance:

  • TLS certificate requests submitted during this time will fail
  • Failed requests should be resubmitted after services are restored

CIS and CertCentral™ SCEP:

  • Certificate Issuing Service (CIS) will be down
  • CertCentral Simple Certificate Enrollment Protocol (SCEP) will be down
  • Requests submitted during this time will fail
  • CIS APIs will return a "503 Service is unavailable" error
  • Failed requests should be resubmitted after services are restored

Direct Cert Portal new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Failed requests should be resubmitted after services are restored

QuoVadis™ TrustLink™ certificate issuance:

  • TrustLink certificate requests submitted during this time will be delayed
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

PKI Platform 8 new domain and organization validation:

  • New domains submitted for validation during this time will fail
  • New organizations submitted for validation during this time will fail
  • Requests will be added to a queue for processing later
  • Queued-up requests will be processed after services are restored

What can I do?

Plan accordingly:

  • Schedule high-priority orders, renewals, and reissues before or after the maintenance window.
  • Expect interruptions if you use the APIs for immediate certificate issuance and automated tasks.
  • To get live maintenance updates, subscribe to the DigiCert Status page. This subscription includes email alerts for when maintenance begins and when it ends.
  • For scheduled maintenance dates and times, see DigiCert 2022 scheduled maintenance.

Services will be restored as soon as we complete the maintenance.

enhancement

CertCentral Domains and Domain details pages: Improved domain validation tracking

We updated the Domains and Domain details pages to make it easier to track and keep your domains' validation up to date. These updates coincide with last year's industry changes to the domain validation reuse period*. Keeping your domain validation current reduces certificate issuance times: new, reissue, duplicate issues, and renewals.

*Note: On October 1, 2021, the industry reduced all domain validation reuse periods to 398 days. DigiCert implemented a 397-day domain validation reuse period to ensure certificates aren't issued using expired domain validation. For more information about this change, see our knowledge base article, Domain validation policy changes in 2021.

Domains page improvements

When you visit the Domains page (in the left main menu, select Certificates > Domains), you will see three new columns: DCV method, Validation status, and Validation expiration. Now you can view the domain control validation (DCV) method used to demonstrate control over the domain, the status of the domain's validation (pending, validated, expires soon, and expired), and when the domain validation will expire.

Because OV and EV validation reuse periods are the same, we streamlined the Validation status sorting feature. Instead of showing separate filters for OV validation and EV validation, we only show one set of filters:

  • Completed / Validated
  • Pending validation
  • Expires in 0 - 7 days
  • Expires in 0 - 30 days
  • Expires in 31 - 60 days
  • Expires in 61 - 90 days
  • Expired

Domain details page improvements

When you visit a domain's details page (on the Domains page, select a domain), you will now see a status bar at the top of the page. This status bar lets you view the domain's validation status, when the domain's validation expires, when the domain's validation was most recently completed, and the DCV method used to demonstrate control over the domain.

We also updated the Domain validation status section of the page. We replaced the separate entries for OV and EV domain validation statuses with one entry: domain validation status.

compliance

Industry changes to file-based DCV (HTTP Practical Demonstration, file auth, file, HTTP token, and HTTP auth)

To comply with new industry standards for the file-based domain control validation (DCV) method, you can only use the file-based DCV to demonstrate control over fully qualified domain names (FQDNs), exactly as named.

To learn more about the industry change, see Domain validation policy changes in 2021.

How does this affect me?

As of November 16, 2021, you must use one of the other supported DCV methods, such as Email, DNS TXT, and CNAME, to:

  • Validate wildcard domains (*.example.com)
  • To include subdomains in the domain validation when validating the higher-level domain. For example, if you want to cover www.example.com, when you validate the higher-level domain, example.com.
  • Prevalidate entire domains and subdomains.

To learn more about the supported DCV method for DV, OV, and EV certificate requests:

compliance

CertCentral: Pending certificate requests and domain prevalidation using file-based DCV

Pending certificate request

If you have a pending certificate request with incomplete file-based DCV checks, you may need to switch DCV methods* or use the file-based DCV method to demonstrate control over every fully qualified domain name, exactly as named, on the request.

*Note: For certificate requests with incomplete file-based DCV checks for wildcard domains, you must use a different DCV method.

To learn more about the supported DCV methods for DV, OV, and EV certificate requests:

Domain prevalidation

If you plan to use the file-based DCV method to prevalidate an entire domain or entire subdomain, you must use a different DCV method.

To learn more about the supported DCV methods for domain prevalidation, see Supported domain control validation (DCV) methods for domain prevalidation.

compliance

CertCentral Services API

If you use the CertCentral Services API to order certificates or submit domains for prevalidation using file-based DCV (http-token), this change may affect your API integrations. To learn more, visit File-based domain control validation (http-token).

enhancement

CertCentral Services API: Domain management enhancements

To make it easier to maintain active validation for domains in your account, we added new filters, response fields, and a new endpoint to our domain management APIs. With these updates, you can:

  • Find domains with OV and EV validation reuse periods that are expired or expiring soon.
  • Find domains affected by the September 27, 2021 policy change to shorten OV domain validation reuse periods.*

Enhanced APIs: List domains and List subaccount domains

We made the following enhancements to the List domains and List subaccount domains endpoints:

  • Added validation filter values
    On September 27, 2021*, existing OV domain validation reuse periods will shorten to 397 days from the date validation was completed. For some domains, the reduced validation period will have already expired, or will expire before the end of 2021.

    To help you find these domains so you can resubmit them for validation, we added a new value for the validation filter: shortened_by_industry_changes. We also added filter values to help you find domains with OV or EV domain validation periods that expire in different timeframes. The new validation filter values include:
    • shortened_by_industry_changes
    • ov_expired_in_last_7_days
    • ov_expiring_within_7_days
    • ov_expiring_within_30_days
    • ov_expiring_from_31_to_60_days
    • ov_expiring_from_61_to_90_days
    • ev_expired_in_last_7_days
    • ev_expiring_within_7_days
    • ev_expiring_within_30_days
    • ev_expiring_from_31_to_60_days
    • ev_expiring_from_61_to_90_days
  • Added fields to the dcv_expiration object
    You can now submit a request that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string filters[include_validation_reuse_status]=true.
  • Added dcv_method filter
    We added the option to filter domains by domain control validation (DCV) method. To use this filter, append the query string filters[dcv_method]={{value}} to the request URL. Possible values are email, dns-cname-token, dns-txt-token, http-token, and http-token-static.

Enhanced API: Domain info
You can now submit a request to the Domain info endpoint that returns the following fields in the dcv_expiration object: ov_shortened, ov_status, ev_status, and dcv_approval_date. These fields only return if your request includes the newly added query string include_validation_reuse_status=true.


New API: Expiring domains count

We added a new endpoint that returns the number of domains in your account with expired or expiring OV or EV domain validations. For more information, see Expiring domains count.

*On September 27, 2021, the expiration date for existing OV domain validations will shorten to 397 days from the date validation was completed. Learn more about this policy change: Domain validation changes in 2021.

enhancement

CertCentral Services API: Improved domains array in OV/EV order response

To make it easier to see how the Services API groups the domains on your OV/EV TLS certificate orders for validation, we added a new response parameter to the endpoints for submitting certificate order requests: domains[].dns_name.*

The dns_name parameter returns the common name or SAN of the domain on the order. To prove you control this domain, you must have an active validation for the domain associated with the domains[].name and domains[].id key/value pairs.

Example OV certificate order

JSON payload:

JSON payload

JSON response:

JSON response

The Services API returns the domains[].dns_name parameter in the JSON response for the following endpoints:

*Note: Only order requests for OV/EV TLS certificates return a domains array.

enhancement

CertCentral Services API: Domain validation status in Domain info response

To make it easier to get a comprehensive validation status for your domains, DigiCert is deprecating the status parameter in the Domain info response. To ensure you are getting complete and accurate status information for each different validation type on your domains, you should use the validations array when you call the Domain info endpoint from your API integrations instead.

Note: The Domain info endpoint will continue to return a status parameter value.

Background

In the Domain info response, the status parameter is designed to return a single string value. When DigiCert offered fewer products, a single value in the API was enough to represent the validation status for your domains.

Now, DigiCert offers certificate products that use many different types of validation. Different validation types have different requirements, and these requirements change as industry standards evolve. As DigiCert validates your domains for different types of certificate issuance, each type of validation that you request can be in a different state.

For example:

  • The OV validation for a domain may be completed.
  • The EV validation for the same domain may be expired.

As a result, DigiCert can no longer use a single value to return comprehensive information about the validation status for a domain.

Instead of relying on a single value, use the Domain info endpoint to request a validations array – a list of objects with status information for each type of validation on the domain. To get this data, include the query parameter include_validation=true when you submit your request.

For example:

Example validations array in domain info response data

Learn more about using the Domain info endpoint

enhancement

CertCentral Services API: Added DCV tokens for new domains to response data for OV and EV certificate orders

We've updated the endpoints for ordering public OV and EV SSL certificates to return the domain control validation (DCV) request tokens for new domains on the order.

Now, when you request an OV or EV certificate, you no longer have to issue separate requests to get the DCV request tokens for the new domains on the order. Instead, you can get the tokens directly from the response data for the order request.

Example response data:

Example response for an OV order with a new domain

Note: The dcv_token object is not returned for domains that will be validated under the scope of another domain on the order, for domains that already exist in your account, or for subdomains of existing domains.

This update applies to the following endpoints:

new

Discovery now available in all CertCentral accounts

We are happy to announce that all existing CertCentral accounts now include Discovery, our newest and most robust certificate discovery tool.

Note: For those who were using Certificate Inspector, Discovery replaces our long time DigiCert tool, Certificate Inspector.

By default, Discovery includes Cloud scan and a Sensor scan trial with a 100-certificate limit.

Cloud scan

Cloud scan uses a cloud-based sensor, so there is nothing to install or manage. You can start scanning immediately to find all your public facing SSL/TLS certificates regardless of issuing Certificate Authority (CA). Cloud-scan runs once every 24 hours.

Sensor scan

Sensor scan is our most robust version of Discovery. It uses sensors to scan your network to quickly find all your internal and public facing SSL/TLS certificates regardless of the issuing Certificate Authority (CA). Discovery also identifies problems in certificate configurations and implementations along with certificate-related vulnerabilities or problems in your endpoint configurations.

Scans are centrally configured and managed from inside your CertCentral account. Scan results are displayed in an intuitive and interactive dashboard inside CertCentral. Configure scans to run once or multiple times on a set schedule.

  • To learn how to install a sensor and start scanning your SSL/TLS certificate landscape, see Discovery user guide.
  • To continue to use Sensor scan after the trial period is over, please contact your account manager or our Support team.
new

Discovery audit logs

Discovery has added a new feature—Discovery Audit Logs—allowing you to track Discovery-related activities in your CertCentral account. These audit logs provide insight into user activity enabling you to see areas where training may be required, reconstruct events to troubleshoot problems, detect misuse, and discover problem areas.

To make it easier to sort through the information in the Discover audit logs, we've include several filters:

  • Date range
  • Division
  • User
  • IP Address
  • Actions
    (e.g., void sensor, delete scan, etc.)

To access the Discovery Audit Log, in your CertCentral account, in the left main menu, go to Account > Audit Logs. On the Audit Logs page, click Discovery Audit Logs.

new

Discovery language support

As we work to globalize our product offerings and make our websites, platforms, and documentation more accessible, we are happy to announce that we've added language support to Discovery in CertCentral.

Now, when configuring your language preference in CertCentral, Discovery is included in the configuration.

To configure your language preference

In your account, in the top right corner, in the "your name" drop-down list, select My Profile. On the Profile Settings page, in the Language dropdown, select a language and click Save Changes.

See CertCentral language preferences.

fix

Bug fix: DV certificate orders did not honor Submit base domains for validation account setting

We fixed a bug in the DV certificate domain control validation (DCV) process where DV certificate orders did not adhere to the Submit base domains for validation account setting.

Note: For DV certificate orders, you were required to validate the domain exactly as named in the order.

Now, DV certificate orders honor the Submit base domains for validation account setting, allowing you to validate your subdomains at the base domain level on your DV certificate orders.

To view the Domain Validation Scope settings in your account, go to Settings > Preferences. On the Division preferences page, expand +Advanced Settings. The Domain Validation Scope settings are in the Domain Control Validation (DCV) section.

enhancement

Updates to the Domain details page

We simplified the Domain Validation section on the Domain details page to display only two validation types with their expiration dates: OV and EV. We also updated the page to show the domain validation expiration dates calculated from when the Domain Control Verification (DCV) was completed (OV: +825 days, EV: +13 months).

Note: Previously, you could see up to two other validation types: Grid and Private. Grid certificates have the same validity period as OV: 825 days. Domain validation is not required for private certificates as these certificates are not publicly trusted.

To view a domain's validation expiration dates, in the left main menu, go to Certificates > Domains. On the Domains page, locate the domain and click its Domain Name link. On the Domain details page, under Domain Validation, view your domain validations and when they expire.

enhancement

CertCentral Services API: Improved List domains and Domain info endpoints

In the DigiCert Services API, we updated the List domains and Domain info endpoints, enabling you to see when the domain control validations (DCV) for the domain expire: OV and EV validations. This new information is only returned in the response if you include the URL query string include_validation=true.

Now, when you get a list of all domains or information about a specific domain and you include the URL query string include_validation=true, you can see when the DCVs for the domain expire.

Example requests with the URL query string:

  • Domain info
    https://www.digicert.com/services/v2/domain/{{domain_id}}? include_validation=true
  • List domains
    https://www.digicert.com/services/v2/domain?include_validation=true

Example response – domain control validation (DCV) expiration dates

Example response with DCV expiration dates

fix

Removed "Pending" column from Domains page

We found a bug on the Domains page preventing us from providing accurate information about a domain's pending validations. As a temporary solution, we are removing the Pending column from the page until a permanent fix can be deployed.

To view if a domain has pending validations, in the left main menu, go to Certificates > Domains. On the Domains page, locate the domain and click its Domain Name link. On the Domain details page, under Domain Validation, check to see if the domain has pending validations: OV and EV.

fix

We fixed a bug on the pending SSL certificate's order details page where the link for a pending domain that provides you with actions to prove control over a domain was broken.

Now, when you go to a pending certificate's order details page and click the link for a pending domain, the Prove Control Over Domain window opens where you can choose a DCV method to prove control over that domain.

fix

We fixed a domain validation display bug on the order details pages where domains with expired validations were showing a completed status with no actions for completing the domain validation.

Now, when you go to an order's details page, we show a pending validation status symbol next to the domain along with actions for completing the domain validation. (In the sidebar menu, click Certificates > Orders and then on the Orders page click the order number.)