Filtering by: reissues x clear

CertCentral Services API: Archive and restore certificates

To give API clients the option to hide unused certificates from API response data, we released new API endpoints to archive and restore certificates. By default, archived certificates do not appear in response data when you submit a request to the List reissues or List duplicates API endpoints.

New API endpoints

Updated API endpoints

We updated the List reissues and List duplicates endpoints to support a new optional URL query parameter: show_archived. If the value of show_archived is true, the response data includes archived certificates. If false (default), the response omits archived certificates.


CertCentral Services API: Auto-reissue support for Multi-year Plans

We are happy to announce that the CertCentral Services API now supports automatic certificate reissue requests (auto-reissue) for Multi-year Plans. The auto-reissue feature makes it easier to maintain SSL/TLS coverage on your Multi-year Plans.

You can enable auto-reissue for individual orders in your CertCentral account. When auto-reissue is enabled, we automatically create and submit a certificate reissue request 30 days before the most recently issued certificate on the order expires.

Enable auto-reissue for a new order

To give you control over the auto-reissue setting for new Multi-year Plans, we added a new request parameter to the endpoints for ordering DV, OV, and EV TLS/SSL certificates: auto_reissue.

By default, auto-reissue is disabled for all orders. To enable auto-reissue when you request a new Multi-year Plan, set the value of the auto_reissue parameter to 1 in the body of your request.

Example request body:

Example order request body with auto reissue enabled

Note: In new order requests, we ignore the auto_reissue parameter if:

  • The product does not support Multi-year Plans.
  • Multi-year Plans are disabled for the account.

Update auto-reissue setting for existing orders

To give you control over the auto-reissue setting for existing Multi-year Plans, we added a new endpoint: Update auto-reissue settings. Use this endpoint to enable or disable the auto-reissue setting for an order.

Get auto-reissue setting for an existing order

To help you track the auto-reissue setting for existing certificate orders, we added a new response parameter to the Order info endpoint: auto_reissue. The auto_reissue parameter returns the current auto-reissue setting for the order.


ICA certificate chain selection for public DV flex certificates

We are happy to announce that select public DV certificates now support Intermediate CA certificate chain selection:

  • GeoTrust DV SSL
  • Thawte SSL 123 DV
  • RapidSSL Standard DV
  • RapidSSL Wildcard DV
  • Encryption Everywhere DV

You can add a feature to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues the end-entity certificate when you order these public DV products.

This feature allows you to:

  • Set the default ICA certificate chain for each supported public DV certificate.
  • Control which ICA certificate chains certificate requestors can use to issue their DV certificate.

Configure ICA certificate chain selection

To enable ICA selection for your account:

  1. Contact your account manager or our Support team.
  2. Then, in your CertCentral account, in the left main menu, go to Settings > Product Settings.
  3. On the Product Settings page, configure the default and allowed intermediates for each supported and available DV certificate.

For more information and step-by-step instructions, see the Configure the ICA certificate chain feature for your public TLS certificates.


DigiCert Services API: DV certificate support for ICA certificate chain selection

In the DigiCert Services API, we made the following updates to support ICA selection in your DV certificate order requests:

Pass in the issuing ICA certificate's ID as the value for the ca_cert_id parameter in your order request's body.

Example DV certificate request:

Example DV TLS certificate request

For more information about using ICA selection in your API integrations, see DV certificate lifecycle – Optional ICA selection.


Signature Hash option on EV Code Signing certificate reissues

We updated our Extended Validation (EV) Code Signing reissue process. Now, when reissuing an EV Code Signing certificate, you can select the signature hash for the certificate: SHA-256 or SHA-1.

For more information, see our Reissue or re-key an EV Code Signing certificate instructions.


We fixed a pending certificate reissue bug where we listed domains dropped from the original or previously issued certificate in the You Need To section on the pending reissue's Order # details page.

This issue only affected domains with expired domain validation. If you removed a domain with up-to-date domain validation, we didn't include it in the You Need To section.

Note: You were only required to complete the DCV for the domains you included in your reissue request. You could ignore the domains you had removed. Additionally, when we reissued your certificate, we didn't include the domains dropped from the original or previously issued certificate in the reissue.

Now, when you reissue a certificate and remove domains included in the original or previously issued certificate, we only show the domains included in the reissue request with pending domain validation in the You Need To section on the pending reissue's Order # details page.


We fixed a duplicate certificate orders bug where we added the original certificate requestor as the requestor on all duplicate certificate orders, regardless of who requested the duplicate.

Now, on duplicate certificate orders, we add the name of the user who requested the duplicate.

Note: This fix is not retroactive and doesn't affect issued duplicate certificate orders.


In the DigiCert Services API, we fixed a bug in the List duplicates endpoint where we weren’t returning the name of the requestor on duplicate certificate orders.

Now, when you use the List duplicates endpoint, we return the name of the user requesting the duplicate certificate.

To fix this issue, we added some new response parameters enabling us to return the name of the requestor in the response:

…user_id= Requestor's user ID
…firstname= Requestor's first name
…lastname= Requestor's last name

Example List duplicates endpoint response