Filtering by: product x clear

DigiCert will stop issuing 2-year public SSL/TLS certificates

On August 27, 2020 5:59 pm MDT (23:59 UTC), DigiCert will stop issuing 2-year public SSL/TLS certificates to prepare for the industry changes to the maximum allowed validity for public SSL/TLS certificates.

After the August 27 deadline, you can only purchase 1-year public SSL/TLS certificates.

What do I need to do?

To ensure you get needed 2-year public SSL/TLS certificates before the August 27 deadline:

  • Take inventory of needed 2-year certificates—new and renewals.
  • Order any 2-year certificates that you need before August 13.
  • Respond to any domain and organization validation requests in a timely manner.

To learn how this change will affect pending certificate orders, reissues, and duplicates, see End of 2-Year DV, OV, and EV public SSL/TLS certificates.

DigiCert Services API

For those using the DigiCert Services API, you'll need to update your API workflows to account for the new maximum certificate validity of 397 days for requests placed after the August 27 deadline. See Services API.

After August 27, 2020

After August 27, you can only purchase 1-year public SSL/TLS certificates. However, to maximize your SSL/TLS coverage, purchase your new certificates with a DigiCert® Multi-year Plan. See Multi-year Plans.

Why is DigiCert making this change?

On September 1, 2020, the industry says good-bye to 2-year certificates. Going forward Certificate Authorities (CA) can only issue public DV, OV, and EV SSL/TLS certificates with a maximum validity of 398 days (approximately 13 months).

DigiCert will implement a 397-day maximum validity for all public SSL/TLS certificates as a safeguard to account for time zone differences and to avoid issuing a public SSL/TLS certificate that exceeds the new 398-day maximum validity requirement.

Check out our blog to learn more about the transition to 1-year public SSL/TLS certificates: One-Year Public-Trust SSL Certificates: DigiCert’s Here to Help.

September 18, 2018


We added support for IPv6 addresses (abbreviated and full).

You can now order public and private OV TLS/SSL certificates (SSL, Multi-Domain SSL, and Wildcard SSL, Private SSL, etc.) and include an IPv6 address as the common name or a SAN.

Note: IPv6 addresses aren't supported for EV TLS/SSL certificates (EV SSL and EV Multi-Domain SSL).

August 27, 2018


Enhancements made to Wildcard certificates. You can secure multiple wildcard domains on a single wildcard certificate.

When you order a Wildcard certificate in CertCentral, you can secure multiple wildcard domains in one wildcard certificate (*, *, and * You can still secure a single wildcard domain (* with your Wildcard certificate.

Items to note:

  • For each wildcard domain, the base domain is also secured for free (for example, * secures
  • Other Hostnames (SANs) must be a wildcard domain (for example, * or based off your listed wildcard domains. For example, if one of your wildcard domains is *, then you can add the SANs or to your certificate order.
  • Adding wildcards SANs to a certificate order may incur additional cost.

As of March 1, 2018, 825 days is the maximum allowed length for a reissued (or duplicate issued) public 3-year SSL/TLS certificate.

For a 3-year OV certificate issued after March 1, 2017, be aware that during the first year of the 3-year certificate's lifecycle, all reissued and duplicate certificates may have a shorter lifecycle than the "original" certificate, and these reissued certificates will expire first. See
How does this affect my 3-year certificate reissues and duplicate issues?.

February 21, 2018


As of February 21, 2018, DigiCert only offers 1 and 2-year public SSL/TLS certificates due to changes in industry standards that limit the maximum length of a public SSL certificate to 825 days (approximately 27 months). See February 20, 2018, Last Day for New 3-Year Certificate Orders.