CertCentral

Some DigiCert services will be down for approximately 10 minutes during scheduled Europe maintenance on September 7, 2024, 17:00 - 19:00 CEST (15:00 - 17:00 UTC).

How does this affect me?

The maintenance starts at 17:00 CEST (UTC 15:00). At this time, TrustLink Enterprise and the ADSS signing services will be down for approximately 10 minutes.

Affected services:

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

DigiCert will perform scheduled maintenance on September 7, 2024, 22:00 – 24:00 MDT (September 8, 2024, 04:00 – 06:00 UTC).

How does this affect me?

Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

We are happy to announce that you can now add custom, allowed validity periods to your TLS certificate request forms. For example, if you want all your Basic OV certificate orders to have a 180-day validity, go to the Product Settings page for a Basic OV certificate and add a 180-day custom validity period to the request form.

See for yourself

We will add a 180-day custom validity period to the Basic OV certificate request forms in this example.

Screenshots

On September 3, 2024, DigiCert will remove all public Secure Email (S/MIME) Intermediate CAs from our S/MIME certificate issuance process that don’t comply with the S/MIME Baseline Requirements in CA/Browser Forum.

For more details about the affected S/MIME certificates and which ICA certificates we are replacing, see our knowledge base article, New Secure Email (S/MIME) Intermediate CA certificates 2024.

ICA certificate replacements

See the DigiCert Trusted Root Authority Certificates page to download copies of DigiCert ICA and root certificates.

How does switching ICA certificates affect me?

If you install the DigiCert-provided ICA certificate included with your issued Secure Email (S/MIME) certificate, this change will not affect you, and no action will be required. Starting September 3, 2024, the new default ICA certificate will automatically come with your issued Secure Email (S/MIME) certificate (new, renewal, or reissued).

How does switching ICA certificates affect my existing certificates?

Rolling out new ICA certificates does not affect existing certificates. Valid Secure Email (S/MIME) certificates issued from a replaced ICA certificate continue to be trusted until they expire.

Starting September 3, 2024, DigiCert will issue new, renewed, and reissued Secure Email (S/MIME) certificates from new ICA certificates.

Best practices

We recommend always including the DigiCert-provided ICA certificate with every certificate you install. This recommendation has always been the best practice to ensure that ICA certificate replacements do not disrupt your certificate-related processes and that your certificates are trusted.

To make it easier for administrators to approve or reject certificate revocation requests, we now show the reason for the revocation on the pending certificate revoke requests. If the reason for the revocation is a key compromise, we also show the revocation date*.

Example: Revoke request for key compromise

*Note: When revoking a code signing certificate because the private key was compromised, you can set the revocation date to a specific date if you know when the key compromise happened. Code signing signatures applied before the key compromise date remain valid and trusted. Only signatures applied after that date are invalidated and untrustworthy.

To make it easier to track high-risk domains on a pending certificate order, we now include a Check domain risk section when an order includes high-risk domains. DigiCert is responsible for completing the high-risk check. The check returns one of the following statuses: pending, approved, or rejected.

When a domain fails the high-risk check, you can do one of the following:

The domain risk information appears on the Order details page, on the Details tab, in the Certificate status section.

On August 19, 2024, at 09:00 MDT (15:00 UTC), DigiCert will shut down our Symantec timestamping service. DigiCert customers who are still relying on this service must use the DigiCert timestamping service instead.

How does this affect me?

Do your code or document signing signatures use the Symantec timestamping URLs listed below?

No, I don't use the Symantec timestamping service.

Then, no action is required. This change will not affect your signing processes or signed code and documents.

Yes, I use the Symantec timestamping service.

Then, action is required. This change may affect software build processes, end users trying to verify if a software update is legitimate or end users trying to verify that a signed document is still valid.

For example:

What do I need to do?

By August 19, 2024, you must update your code signing and document signing processes to use the DigiCert timestamping URL: timestamp.digicert.com.

Additionally, you may need to add the DigiCert timestamping service domain or IP address to your allowlist:

How does this affect existing signatures with Symantec timestamp URLs?

Code and document signing signatures using Symantec timestamping service timestamps applied before August 19 are not affected by this change. You can continue to rely on this timestamping service to verify that your code and document signatures are valid and that the signed code and documents have not been modified or corrupted.

DigiCert has postponed shutting down our Symantec timestamping service to August 19, 2024. See our August 19. 2024 change log entry.

We updated the DigiCert CertCentral Sign in pages. The next time you sign in to your account, the page will have a new look with a new Other sign-in options menu that includes the following options:

Preview the new CertCentral sign in pages

CertCentral implemented a 30 verified contact limit for adding "new" verified contacts to a certificate request. Now, you can only add up to 30 "new" verified contacts to an EV TSL, Code Signing, EV Code Signing, or Verified Mark certificate request.

This 30 "new" verified limit affects certificate requests made via CertCentral and CertCentral Services API integration.

How does this affect me?

The next time you request a certificate that requires verified contacts, you can only add up to 30 "new" verified contacts.

Is there a limit for adding "existing" verified contacts?

No, there is no limit on the number of "existing" verified contacts you can add. Add as many as needed to get the order approved. However, only one must approve the order.

The ADSS signing services will be down for approximately 30 minutes during scheduled Europe maintenance on August 3, 2024, 09:00 - 11:00 MDT (15:00 - 17:00 UTC).

How does this affect me?

The ADSS signing service maintenance starts at 09:00 MDT (UTC 15:00). At this time, the ADSS signing services in our Document Trust Manager and TrustLink Enterprise Netherlands and Switzerland locations will be down for approximately 30 minutes.

Affected services:

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

DigiCert will perform scheduled maintenance on August 3, 2024, 22:00 – 24:00 MDT (August 4, 2024, 04:00 – 06:00 UTC).

How does this affect me?

Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

On July 30, 2024, at 10:00 MDT (16:00 UTC), DigiCert will assign new dedicated IPv6 addresses to our Online Certificate Status Protocols (OCSPs), Certificate Revocation Lists (CRLs), and a few other DigiCert services.

For more details about the new IPv6 addresses, see our knowledge base article, DigiCert Certificate Status IP Addresses.

What do I need to do?

Does your company use allowlists, and does it support or plan to support IPv6 addresses?

Affected platforms

DigiCert has postponed shutting down our Symantec timestamping service to August 19, 2024. See our August 19. 2024 change log entry.

DigiCert has postponed shutting down our Symantec timestamping service to August 19, 2024. See our August 19. 2024 change log entry.

We are happy to announce that we now support a new domain control validation (DCV) method in CertCentral and the CertCentral Services API—HTTP Practical Demonstration with unique filename.

How does HTTP Practical Demonstration with unique filename work?

With this method, you host a file with a random filename that contains a DigiCert-generated random value (provided for the domain in your CertCentral account) at a predetermined location on your website, for example http://{domain-name}/.well-known/pki-validation/9ur837JIY4134jc20J39jdl3.txt.

Once the file is created and placed on your site, DigiCert visits the specified URL to confirm the presence of our random value.

Example use case

Use 302 redirects to point addresses to a central authentication server. The server hosts all HTTP authentication files with unique file names.

Documentation

API documentation

The QuoVadis TrustLink Enterprise Netherlands instance will be down for approximately 40 minutes during scheduled Europe maintenance on July 13, 2024, 09:00 - 11:00 MDT (15:00 - 17:00 UTC).

How does this affect me?

The maintenance starts at 15:00 UTC. From 09:00 – 09:40 MDT (15:00 to 15:40 UTC), our TrustLink Enterprise Netherlands instance will be down for approximately 40 minutes while we do infrastructure-related maintenance requiring server restarts.

Affected QuoVadis Services

TrustLink Enterprise Netherlands instance

API notes

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

DigiCert will perform scheduled maintenance on July 13, 2024, 22:00 – 24:00 MDT (June 2, 2024, 04:00 – 06:00 UTC).

How does this affect me?

Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

On July 11, 2024, DigiCert updated the minimum password length requirements for CertCentral from 10 to 12 characters. If your password is less than 12 characters, the next time you change it (your password expired or you forgot it), you will be required to create a 12-character password instead of a 10- or 11-character one.

What do I need to do?

No action is required. If your password is less than 12 characters, CertCentral will require you to start using a 12-character password the next time you need to change it. However, DigiCert recommends changing it the next time you sign in to CertCentral.

How do I change my password?

We are happy to announce that we improved the CSR browser generation option for Secure Email certificates. Now, you can choose the algorithm and key size for generating your CSR via your browser.

Previously, the CSR browser generation option only supported RSA 2048-bit certificates.

See for yourself

For more detailed instructions on how to order your Secure Email certificate, see Secure Email Certificates.

We are happy to announce that you can now use the RSASSA-PSS signing algorithm to sign your emails when placing Secure Email certificate orders in CertCentral. Previously, this was only supported when placing Secure Email certificate orders via the Services API. See the change log entry for December 13, 2023.

Items to note about the RSASS-PSS signing algorithm:

See for yourself

For more detailed instructions on how to order your Secure Email certificate, see Secure Email Certificates.

On June 26, 2024, at 10:00 MDT (16:00 UTC), DigiCert will move the default issuance of public Secure Email (S/MIME) certificates to new industry-compliant public intermediate CA (ICA) certificates.

For more details about the affected S/MIME certificates and which ICA certificates we are replacing, see our knowledge base article, New Secure Email (S/MIME) Intermediate CA certificates 2024.

ICA certificate replacements

To download copies of DigiCert ICA and root certificates, see the DigiCert Trusted Root Authority Certificates page.

How does switching ICA certificates affect me?

If you install the DigiCert-provided ICA certificate included with your issued Secure Email (S/MIME) certificate, this change will not affect you, and no action will be required. Starting June 26, 2024, the new default ICA certificate will automatically come with your issued Secure Email (S/MIME) certificate (new, renewal, or reissued).

How does switching ICA certificates affect my existing certificates?

Rolling out new ICA certificates does not affect existing certificates. Active Secure Email (S/MIME) certificates issued from a replaced ICA certificate continue to be trusted until they expire.

Starting June 26, 2024, DigiCert will issue new, renewed, and reissued Secure Email (S/MIME) certificates from new ICA certificates. When installing your S/MIME certificates, always include the DigiCert-provided ICA certificate.

Best practice

We recommend always including the DigiCert-provided ICA certificate with every certificate you install. This recommendation has always been the best practice to ensure that ICA certificate replacements do not disrupt your certificate-related processes and that your certificates are trusted.

PKI Platform 8 items to note

Starting June 26, 2024, DigiCert will begin migrating your PKI Platform 8 public S/MIME issuance to the new, industry-compliant, shared CA. See ICA certificate replacements above.

Those using Local Key Management Storage (LKMS) to store their private keys must add the new ICA certificate to their local LKMS once available. Otherwise, you cannot continue to store your private keys locally.

What if I need more time before switching ICA certificates?

Contact your account manager or DigiCert Support. We will set up your account so you can continue to use the ICA certificates you are using now.

However, on September 3, 2024, DigiCert must move you to the new ICA certificates. The current ICA certificates are no longer industry-compliant and cannot be used to issue Secure Email (S/MIME) certificates after that date.

Tired of replacing API keys when a developer gets promoted, changes departments, retires, or leaves the company?

We are happy to announce that you can now create user-independent API keys for your CertCentral account. Instead of adding an API key linked directly to a user in your account, you can create a service user.

What is a service user?

A service user has API-only access to your account. Only administrators can create service users. When creating a service user, you link the administrator's permissions to the key.

By default, the service user is authorized to perform any actions the administrator can. However, you can limit the API key permissions as needed.

When managing your service users, you can create multiple service users, or you can create a service user and add multiple API keys for the service user.

See for yourself

Exit or continue the process as needed. For more detailed instructions, see Generate an API key.

Documentation

On June 25, 2024, at 10:00 MDT (16:00 UTC), DigiCert will move the default issuance of public Secure Email (S/MIME) certificates to new industry-compliant public intermediate CA (ICA) certificates.

On June 11, 2024, at 10:00 MDT (16:00 UTC), DigiCert will replace the expiring certificate for CertCentral's SAML metadata. For most, this replacement will go unnoticed.

However, if you are using SAML Single Sign-on (SSO) or the SAML certificate requests feature, you may need to update your SAML integration to keep it working as it did before we replaced the certificate.

I use SAML SSO/certificate requests – What should I do?

When configuring your SAML to CertCentral connection, you must add the DigiCert service provider (SP) metadata to your identity provider's (IdP) metadata. You either added the dynamic URL for DigiCert's SP metadata or the XML formatted SP metadata provided by DigiCert.

We are happy to announce that we’ve updated our automatic domain control validation (DCV) checks, also called DCV polling, for DNS TXT, DNS CNAME, and HTTP practical demonstration DCV methods.

What changed?

Now, DCV polling runs for ten days after you submit your public SSL/TLS certificate order, submit a domain for prevalidation, or change the DCV method for a domain. Additionally, we extended Interval 3, checking every fifteen minutes for one day, and combined Intervals 4 and 5, checking every hour for ten days.

New DCV polling cadence:

Previous DCV polling cadence:

For more information about DCV polling and supported DCV methods:

The QuoVadis TrustLink Enterprise Netherlands instance will be down for approximately 40 minutes during scheduled Europe maintenance on June 1, 2024, 09:00 - 11:00 MDT (15:00 - 17:00 UTC).

How does this affect me?

The maintenance starts at 15:00 UTC. From 09:00 – 09:40 MDT (15:00 to 15:40 UTC), our TrustLink Enterprise Netherlands instance will be down for approximately 40 minutes while we do infrastructure-related maintenance requiring server restarts..

Affected QuoVadis Services

TrustLink Enterprise Netherlands instance

API notes

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

DigiCert will perform scheduled maintenance on June 1, 2024, 22:00 – 24:00 MDT (June 2, 2024, 04:00 – 06:00 UTC).

How does this affect me?

Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

On May 25, 2024, 22:00 – 24:00 MDT (May 26, 04:00 – 06:00 UTC), DigiCert must perform critical maintenance on CertCentral Global. During this time, CertCentral will be down or experience service degradation for 30 minutes.

How does this affect me?

The CertCentral maintenance-related downtime/service degradation happens in two 15-minute periods.

Affected services

This maintenance only affects CertCentral Global. It does not affect our Certificate Issuing Service (CIS), CertCentral Simple Certificate Enrollment Protocol (SCEP), or CertCentral Europe.

API notes

What can I do?

Plan accordingly

Services will be restored as soon as the maintenance is completed.

In CertCentral, on the Preferences page, we removed the Active Validation section and the Maintain active organization validation setting.

How does this affect my organization validation process?

DigiCert will continue to validate your organizations when included in your certificate request, and you can continue to submit your organizations for prevalidation.

References:

DigiCert will perform scheduled maintenance on May 4, 2024, 09:00 – 11:00 MDT (15:00 – 17:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Services will be restored as soon as the maintenance is completed.

DigiCert will perform scheduled maintenance on May 4, 2024, 22:00 – 24:00 MDT (May 5, 2024, 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Services will be restored as soon as the maintenance is completed.

We updated the Order validation status endpoint and added a new URL query parameter, include_risk_check. Use this parameter to check the domain risk for the order. You only need to include ?include_risk_check=true on non-DV TLS orders, as we always return the risk_status for DV TLS certificates.

See Order validation status.

curl -X GET \
  'https://www.digicert.com/services/v2/order/certificate/{{order_id}}/validation?include_risk_check=true' \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}'

DigiCert ONE Switzerland and TrustLink Switzerland locations could experience downtime for approximately 30 minutes during scheduled maintenance on April 6, 2024, 09:00 – 11:00 MDT (15:00 – 17:00 UTC).

If everything goes as planned, the maintenance will not affect our DigiCert ONE Switzerland and TrustLink Switzerland customers. However, there could be service downtime if things don't go as planned.

The maintenance starts at 09:00 MDT (15:00 UTC). From 09:00 to 10:00 MDT (15:00 to 16:00 UTC), our DigiCert ONE Switzerland instance and its Managers and our TrustLink Switzerland instance could be down or experience service degradation for approximately 30 minutes.

Affected services

API notes

What can I do?

Services will be restored as soon as the maintenance is completed.

DigiCert will perform scheduled maintenance on April 6, 2024, 22:00 – 24:00 MDT (April 7, 2024, 04:00 – 06:00 UTC).

Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Services will be restored as soon as the maintenance is completed.

We are happy to announce, we added two endpoints to the CertCentral Services API: View KeyLocker signatures and Purchase KeyLocker signatures.

These endpoints make it easier to manage the signatures for your code signing certificate orders using the DigiCert KeyLocker provisioning method:

On March 19, 2024, DigiCert began enforcing technical controls on code signing certificates provisioned in DigiCert® KeyLocker, our cloud-based HSM. Additionally, we changed how KeyLocker pricing works.

On March 16, 2024, 09:00 – 11:00 MDT (15:00 –  17:00 UTC), DigiCert must perform critical maintenance on the ADSS signing service in our Document Trust Manager Switzerland location. During this time, Document Trust Manager and its ADSS signing service will be down for approximately 90 minutes.

How does this affect me?

The maintenance starts at 09:00 MDT (15:00 UTC). From 09:00 to 10:30 MDT (15:00 – 16:30 UTC), our Document Trust Manager Switzerland instance and its ADSS signing service will be down or experience service degradation for approximately 90 minutes.

What can I do?

Services will be restored as soon as the maintenance is completed.

This update does not affect Secure Email for Business requests submitted via CertCentral; it only affects requests submitted via the API.

We added a new optional subject DN attribute to the subject array of the Order Secure Email certificate endpoint. The new include_given_name_surname parameter lets you to control when the surname and given name are included in the subject distinguished name (DN) attributes of your issued Secure Email for Business (secure_email_sponsor) certificates.

To include the given name and surname in the subject distinguished name (DN) attributes on your issued Secure Email for Business (secure_email_sponsor) certificate, you must now use the subject object to submit values for the given name and surname (include_given_name_surname).

We also updated the Reissue certificate API reference to include details for using the subject object  to submit values for the given name and surname (include_given_name_surname) in the subject distinguished name (DN) attributes on the issued certificate.

{
  "certificate": {
    "emails": [
      "example@example.com"
    ],
    ...
  },
  ...
  "subject": {
    "include_given_name_surname": true
  },
  ...
}

We updated the CertCentral user invitation process to improve performance and make managing active invitations easier.

On March 11, 2024, 21:00 – 23:00 MDT (March 12, 03:00 –  05:00 UTC), DigiCert must perform critical maintenance on the ADSS signing service in our Document Trust Manager Netherlands location. During this time, Document Trust Manager and its ADSS signing service will be down for approximately 90 minutes.

How does this affect me?

The maintenance starts at 21:00 MDT (03:00 UTC). From 21:00 to 22:30 MDT (03:00 – 04:30 UTC), our Document Trust Manager Netherlands instance and its ADSS signing service will be down or experience service degradation for approximately 90 minutes.

What can I do?

Services will be restored as soon as the maintenance is completed.

DigiCert will perform scheduled maintenance on March 2, 2024, 09:00 – 11:00 MST (16:00 – 18:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Services will be restored as soon as the maintenance is completed.

PKI Platform 8 may experience downtime or delayed responses for approximately 15 minutes during scheduled maintenance on March 2, 2024, 22:00 – 24:00 MST (March 3, 05:00 – 07:00 UTC).

PKI Platform 8 maintenance

If everything goes as planned, the maintenance will not affect our PKI Platform 8 customers. However, this maintenance is high risk, so if things don't go as planned, there could be service interruptions, delayed responses, or even downtime.

The PKI Platform 8 maintenance starts at 22:00 MST (05:00 UTC). From 22:00 to 22:30 MST (05:00 to 05:30 UTC), PKI Platform 8 may experience interruptions such as downtime (up to 15 minutes), service interruptions, or delayed responses.

API note:

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

We updated the duplicate certificate request process in CertCentral. Now, when requesting a duplicate certificate, you can modify the duplicate certificate's validity if needed.

Previously, the duplicate certificate always expired when the certificate you were duplicating expired. You couldn't modify the duplicate certificate's validity.

See for yourself

See Duplicate a TLS/SSL certificate.

We updated the duplicate certificate endpoint and added support for the custom_expiration_date parameter. Use this parameter to modify the certificate validity for your duplicate certificate.

See Duplicate certificate.

JSON example:

{  "certificate": {               
          "common name":"example.com",               
          "csr":"-----BEGIN CERTIFICATE REQUEST----- … -----END CERTIFICATE REQUEST-----",               
          "signature_hash":sha256    
   },    
   "custom_expiration_date": "2024-10-15"
}

Some DigiCert services will be down for approximately 10 minutes during scheduled Europe maintenance on February 3, 2024, 09:00 - 11:00 MST (16:00 - 18:00 UTC).

QuoVadis services maintenance-related downtime

During the two-hour maintenance window, some QuoVadis services will be down for approximately 10 minutes while we do infrastructure-related maintenance that requires server restarts.

Affected QuoVadis Services:

API note

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

DigiCert will perform scheduled maintenance on February 3, 2024, 22:00 – 24:00 MST (February 4, 2024, 05:00 – 07:00 UTC).

Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Plan accordingly:

Services will be restored as soon as the maintenance is completed.

We are happy to announce that the CertCentral ACME service now supports DV certificates and domain control validation (DCV) as part of the ACME workflow, along with other changes needed to support these features.

On December 7, 2023, we let you know that as part of our database optimization process, expired certificate data older than 14 months would be unavailable until January 22, 2024.

This post is to let you know that access to this older expired certificate data has been delayed. As soon as access is restored, we will post another change log entry to let you know.

What if I need to view or access older expired certificate data?

If you need to access your older expired certificate data before access is restored, please contact DigiCert Support.

Starting January 17, 2024, DigiCert may suspend users and accounts that have been inactive for 39 or more months. See the DigiCert user and account deactivation and deletion policy to learn more.

We updated the DigiCert CertCentral Sign in to your account page. The next time you sign in to your account, add your username first. Then, after selecting Next, add your password and select Sign in.

Updated Sign in to your account page

We are happy to announce that in CertCentral, you can now set a revocation date and time when revoking a code signing certificate due to a key compromise.

Previously, you had to contact DigiCert Support to set a revocation date and time when revoking a code signing certificate due to a key compromise. Now, you can do it yourself from your CertCentral account.

Java signatures

Java uses the status of the certificate, not the revocation date, to determine signature trust. Thus, all Java signatures are invalidated regardless of the certificate revocation date.

Revoking multiple certificates

When revoking all certificates on an order, DigiCert uses the date of the most recently issued certificate to establish the earliest allowed revocation date for all certificates on the order (i.e., you cannot set a revocation date before the certificate issuance date). If this issuance date does not match your key compromise date, we recommend revoking certificates individually from the Certificate history tab.

DigiCert will perform scheduled maintenance on January 6, 2024, 09:00 – 11:00 MST (16:00 – 18:00 UTC).

Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Services will be restored as soon as the maintenance is completed.

DigiCert will perform scheduled maintenance on January 6, 2024, 22:00 – 24:00 MST (January 7, 2024, 05:00 – 07:00 UTC).

Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

What can I do?

Services will be restored as soon as the maintenance is completed.