End of 2-Year DV, OV, and EV public SSL/TLS certificates

On September 1, 2020, the industry stopped issuing 2-year public SSL/TLS certificates. The new maximum validity for public DV, OV, and EV SSL/TLS certificates is 397 days (approximately 13 months). See One-Year Public-Trust SSL Certificates: DigiCert’s Here to Help.

Following industry best practices, DigiCert implemented a 397-day maximum validity for all public DV, OV, and EV SSL/TLS certificates. This practice accounts for time zone differences and prevents Certificate Authorities from mis-issuing a public SSL/TLS certificate that exceeds the new 397-day maximum validity requirement.

This industry change does not affect these types of certificates:

With the new 397-day maximum certificate validity, we recommend maximizing your SSL/TLS coverage by purchasing new public SSL/TLS certificates with a DigiCert® Multi-year Plan.

Multi-year Plans allow you to pay one discounted price for up to three years of SSL/TLS certificate coverage. With these plans, you pick the SSL/TLS certificate, the certificate validity, and the duration of coverage you want. To learn more, see Multi-year Plans.

Coverage limitations

Enterprise License Agreement (ELA) and Flat Fee contracts only support 1- and 2-year Multi-year Plans.

Pending public SSL/TLS certificate orders with a validity period greater than 397 days will automatically be converted to a Multi-year Plan.

This means:

This change doesn’t affect active 2-year certificates issued before the August 27, 2020 deadline. These certificates will continue to be trusted until they expire.

For example, on August 10, 2020, you purchase a 2-year OV SSL/TLS certificate. We issue the certificate on August 12, 2020. When the certificate nears its expiration date, instead of renewing it with another 2-year SSL/TLS certificate, you need to renew it with a 1-year certificate or order a certificate from the DigiCert® Multi-year Plan.

The shortened maximum certificate lifecycle period of 397 days impacts public 2-year SSL/TLS certificates when reissued or duplicated.

The following types of actions require you to reissue a certificate:

Now when you reissue or duplicate a 2-year public SSL/TLS certificate, the new certificate will have a maximum validity of 397 days. This means some reissued certificates will expire before the order expires.

To use the remaining validity included with the order, reissue your certificates during the order's final 397-day period. You may request reissues with a validity of up to 397 days or the expiration of the order, whichever is soonest.

You can still renew a certificate order as early as 90 days to 1 day before it expires. When you renew, DigiCert will transfer as much remaining validity as possible to the renewed certificate without exceeding the new 397-day maximum certificate validity.

Any validity that cannot be transferred directly to the certificate will be transferred to your order, and the order will be converted to a Multi-year Plan. This means your renewal order may have a longer validity period than the renewal certificate.

To use the extra validity included with the renewal order, reissue the certificates during the order's final 397-day period. You may request reissues with a validity of up to 397 days or the expiration of the order, whichever is soonest.