Diciembre 31, 2021
To make it easier to plan your certificate related tasks, we scheduled our 2021 maintenance windows in advance. See DigiCert 2021 scheduled maintenance—this page is kept up to date with all maintenance schedule information.
With customers all over the world, we understand there is not a best time for everyone. However, after reviewing the data on customer usage, we selected times that would impact the fewest amount of our customers.
About our maintenance schedule
- Maintenance is scheduled for the first weekend of each month, unless otherwise noted.
- Each maintenance window is scheduled for 2 hours.
- Although we have redundancies in place to protect your service, some DigiCert services may be unavailable.
- All normal operations will resume once maintenance is completed.
If you need more information regarding these maintenance windows, contact your account manager or DigiCert support team. To get live updates, subscribe to the DigiCert Status page.
Marzo 6, 2021
Upcoming scheduled maintenance
On March 6, 2021, between 22:00 – 24:00 MST (March 7, 2021, between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.
Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.
What can you do?
Please plan accordingly.
- Schedule your high-priority orders, renewals, and reissues around the maintenance window.
- To get live maintenance updates, subscribe to the DigiCert Status page. The subscription includes emails to let you know when maintenance starts and ends.
- For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.
Services will be restored as soon as the maintenance is completed.
Febrero 19, 2021
CertCentral Services API: New subaccount endpoints
To make it easier to manage your subaccounts, we added two new endpoints to the CertCentral Services API: List subaccount domains and List subaccount organizations.
- List subaccount domains – Use this endpoint to get information about the domains in a subaccount.
- List subaccount organizations – Use this endpoint to get information about the organizations in a subaccount.
Febrero 17, 2021
CertCentral Services API: Improved Create subaccount endpoint
To give you more control over your subaccounts, we added two new request parameters to the Create subaccount endpoint: child_name and max_allowed_multi_year_plan_length.
child_name– Use this parameter to set a custom display name for the subaccount.max_allowed_multi_year_plan_length– Use this parameter to customize the maximum length of Multi-year Plan orders for the subaccount.
Example JSON request:
After creating a subaccount, use the Subaccount info endpoint to view a subaccount's "display" name and allowed Multi-year Plan order length.
Febrero 6, 2021
Upcoming scheduled maintenance
On February 6, 2021 between 22:00 – 24:00 MST (February 7, 2021 between 05:00 – 07:00 UTC), DigiCert will perform critical maintenance.
During maintenance, the services listed below will be down approximately 60 minutes. However, due to the scope work happening, there may be additional service interruptions during the two-hour maintenance window.
You will be unable to sign in to these platforms and access these services and APIs:
- CertCentral / Service API
- Direct Cert Portal / Direct Cert Portal API
- Certificate Issuing Service (CIS)
- Simple Certificate Enrollment Protocol (SCEP)
- Discovery / API
- ACME
- ACME agent automation / API
DigiCert will be unable to issue certificates for these services and APIs:
- CertCentral / Services API
- Direct Cert Portal / Direct Cert Portal API
- Certificate Issuing Service (CIS)
- Simple Certificate Enrollment Protocol (SCEP)
- Complete Website Security (CWS) / API
- Managed PKI for SSL (MSSL) / API
- QV Trust Link
These services will not be affected by the maintenance activities:
- PKI Platform 8
- PKI Platform 7
- DigiCert ONE managers
API note:
- Services to process certificate-related transactions will be unavailable, such as, requesting certificates, adding domains, and validation requests.
- APIs will return “cannot connect” errors.
- Certificate requests placed during this window that receive a "cannot connect" error message will need to be placed again after services are restored.
What can I do?
Plan accordingly:
- Schedule high-priority orders, renewals, and reissues around the maintenance window.
- Expect interruptions if you use APIs for immediate certificate issuance and automated tasks.
- Subscribe to the DigiCert Status page to get live updates, .
- See the DigiCert 2021 scheduled maintenance for scheduled maintenance dates and times.
Services will be restored as soon as the maintenance is completed.
Enero 25, 2021
CertCentral Services API: Improved Domain emails endpoint
To make it easier to find the DNS TXT email addresses that receive validation emails from DigiCert for email-based domain control validation (DCV), we added a new response parameter to the Domain emails endpoint: dns_txt_emails.
The dns_txt_emails parameter returns a list of email addresses found in the DNS TXT record for the domain. These are the email addresses we find in the DNS TXT record on the _validation-contactemail subdomain of the domain being validated.
Example response with new parameter:
To learn more about the newly supported email to DNS TXT contact DCV method:
For information about validating the domains on DV certificate orders:
For information about validating the domains on OV/EV certificate orders:
Enero 20, 2021
CertCentral Services API: New Unit order details and Cancel unit order endpoints
We are happy to announce we added two new endpoints to the CertCentral Services API: Unit order details and Cancel unit order.
These endpoints allow you to get information about a unit order and to cancel a unit order.
Canceling unit orders:
- You can only cancel an order within thirty days of placing it.
- You cannot cancel a unit order if the subaccount on the order has spent any of the units.
If you manage a subaccount that uses units as its payment method, you can now use the Services API to do the following tasks:
CertCentral Services API: Improved Product list, Product limits, and Product info endpoints
To make it easier to find the available order validity periods for the digital certificate products in your account, we added new response parameters to the Product list, Product limits, and Product info endpoints.
These new response parameters allow you to view the default and customized order validity limits for each product in your account.
The allowed_order_validity_years parameter returns a list of the supported order validity periods for each product in your account.
The allowed_order_lifetimes parameter returns a list of the customized order validity limits for users with different division and user role assignments in your account.
- The
allowed_order_validity_yearsparameter returns a list of the order validity periods that are available when you request the certificate product. - The
custom_order_expiration_date_allowedparameter returns a boolean value that describes whether you can set a custom order expiration date when you request the certificate product.
CertCentral Services API: Improved Subaccount order info endpoint
To make it easier to find information about the validity periods for subaccount orders, we added new response parameters to the Subaccount order info endpoint. These new response parameters allow you to see the order start date, the order end date, and whether the order is a Multi-year Plan.
- The
is_multi_year_planparameter returns"1"if the order is a Multi-year Plan. - The
order_valid_fromparameter returns the start date of the order validity period. - The
order_valid_tillparameter returns the end date of the order validity period.
Example response with new parameters
Enero 9, 2021
Upcoming scheduled maintenance
On January 9, 2021 between 22:00 – 24:00 MST (January 10, 2021 between 05:00 – 07:00 UTC), DigiCert will perform scheduled maintenance.
Although we have redundancies in place to protect your service, some DigiCert services may be unavailable during this time.
What can you do?
Please plan accordingly.
- Schedule high-priority orders, renewals, reissues, and duplicate issues outside of the maintenance window.
- To get live updates, subscribe to the DigiCert Status page.
- For scheduled maintenance dates and times, see DigiCert 2021 scheduled maintenance.
Services will be restored as soon as maintenance is completed.
Diciembre 22, 2020
CertCentral Services API: Update renewal notification settings
We added a new endpoint to the CertCentral Services API contract: Update renewal notification settings. Use this endpoint to enable or disable renewal notifications for a certificate order.
For more information, visit the reference topic for this endpoint in the Services API documentation:
Diciembre 17, 2020
Customize the lifetime of your DigiCert Multi-year Plan
We are happy to announce you can now configure a custom lifetime for your Multi-year Plan (MyP) when requesting a TLS certificate in CertCentral. On the TLS certificate request forms, use the new Custom order validity option to customize the length of your TLS certificate order.
Note: Maximum TLS certificate validity is 397 days per industry best practices. See End of 2-Year public SSL/TLS certificates.
Custom Multi-year Plan order lengths can be set in days or by expiration date. Maximum order length is 2190 days (6 years). Minimum order length is 7 days.
Note: Custom orders start on the day we issue the certificate for the order. Order pricing is prorated to match the certificate selected and your custom order length.
To customize your MyP coverage
- On the Request certificate form, click Select coverage length.
- In the How long do you need to protect your site pop-up window, select Custom order validity.
- Under Select your customer order length, configure the lifetime for your Multi-year Plan:
- Custom order length
Specify the length of your plan in days. - Custom order expiration date
Select the day you want your plan to expire on.
- Custom order length
- Click Save.
Updated product settings for public TLS certificates
To provide more control over your certificate order process, we updated the product settings for public TLS certificates. Now, you can determine the allowed Multi-year Plan order lengths users can select from when ordering a public TLS certificate.
On the TLS certificate's product settings page, use the Allowed validity periods option to determine what MyP order lengths appear on a TLS certificate request form: 1 Year, 2 Years, 3 Years, 4 Years, 5 Years, and 6 Years. Note that changes made to product settings apply to requests placed through CertCentral and the Services API.
Note: Previously, the Allowed validity periods option was used to determine the maximum certificate lifetime a user could select when ordering a public TLS certificate. However, with the industry move to 1-year certificate this option is no longer needed for certificate lengths. See End of 2-Year public SSL/TLS certificates.
To configure the allowed MyP order lengths for a TLS certificate
- In the left main menu, go to Settings > Product Settings.
- On the Product Settings page, select a public TLS certificate. For example, select Secure Site OV.
- Under Secure Site OV, in the Allowed validity periods dropdown, select the validity periods.
- Click Save Settings.
The next time a user orders a Secure Site OV certificate, they will only see the validity period lengths you selected on the request form.
Note: Setting limits on Multi-year Plan order lengths removes the custom validity option from your TLS certificate request forms.
CertCentral Domains page: Improved domains.csv report
On the Domains page, we improved the CSV report to make it easier to track OV and EV domain validation expiration dates and to view the previously used domain control validation (DCV) method.
The next time you download the CSV file, you will see we three new columns in the report:
- OV Expiration
- EV Expiration
- DCV Method
To download the domains.csv report
- In the left main menu, go to Certificates > Domains.
- On the Domains page, in the Download CSV dropdown, select Download All Records.
When you open the domains.csv, you should see the new columns and information in your report.
Diciembre 3, 2020
CertCentral Orders page: Improved load times
In CertCentral, we updated the Orders page to improve load times for those managing high volumes of certificate orders. The next time you visit the Orders page, it will open much quicker (in the left main menu go to Certificates > Orders).
To improve load times, we changed the way we filter your certificate orders upon initial page view. Previously, we filtered the page to show only Active certificate orders. However, this was problematic for those with high volumes of certificate orders. The more orders you have in your account, the longer the Orders page took to open.
Now, when you visit the page, we return all your certificates, unfiltered, in descending order with the most recently created certificate orders appearing first in the list. To see only your active certificates, in the Status dropdown, select Active and click Go.
CertCentral Services API: Purchase units for subaccounts and view unit orders
In the CertCentral Services API, we've added new endpoints for purchasing units and viewing unit orders. Now, if you manage subaccounts that use units as the payment method for certificate requests, you can use the Services API to buy more units for a subaccount and to get information about your unit order history.
For more information, see the reference documentation for the new endpoints:
Diciembre 2, 2020
CertCentral Services API: Documentation updates
We're pleased to announce the following updates to the documentation for the CertCentral Services API:
- New Voucher price estimate API
We published a new reference topic for the Voucher price estimate endpoint. Customers who use vouchers can use this endpoint to estimate the cost (including tax) of an order for specific voucher configurations. - Updated API Glossary
We updated the Glossary with a new table to define the different organization validation status values. See Glossary – Organization validation statuses. - Added request parameter to Update account emails documentation
We added theemergency_emailsrequest parameter to the documentation for the Update account emails endpoint. Use this parameter to update the email addresses that receive emergency notifications from DigiCert.
Example Update account emails request body:
- Added response parameters to the Product info documentation
We added thevalidation_type,allowed_ca_certs, anddefault_intermediateresponse parameters to the documentation for the Product info endpoint.- Use the
validation_typeparameter to get the validation type for a given product. - Use the
allowed_ca_certsparameter to get information about the ICA certificates you can select when you order a given product. * - Use the
default_intermediateparameter to get the ID of the default ICA for a given product. *
- Use the
Example Product info response data:
* Note: The Product info endpoint only returns the allowed_ca_certs and default_intermediates parameters for products that support ICA selection. For public SSL certificates that support ICA selection (OV and EV flex certificates), these parameters are only returned if ICA selection is enabled for the account. Additionally, the default_intermediates parameter is only returned if an administrator has customized a product setting for a division or user role in the account. For more information, see ICA certificate chain option for public OV and EV flex certificates.
Noviembre 3, 2020
CertCentral Services API: Added DCV tokens for new domains to response data for OV and EV certificate orders
We've updated the endpoints for ordering public OV and EV SSL certificates to return the domain control validation (DCV) request tokens for new domains on the order.
Now, when you request an OV or EV certificate, you no longer have to issue separate requests to get the DCV request tokens for the new domains on the order. Instead, you can get the tokens directly from the response data for the order request.
Example response data:
Note: The dcv_token object is not returned for domains that will be validated under the scope of another domain on the order, for domains that already exist in your account, or for subdomains of existing domains.
This update applies to the following endpoints:
Octubre 13, 2020
ICA certificate chain selection for public OV and EV flex certificates
We are happy to announce that public OV and EV certificates with flex capabilities now support Intermediate CA certificate chain selection.
You can add an option to your CertCentral account that enables you to control which DigiCert ICA certificate chain issues your public OV and EV "flex" certificates.
This option allows you to:
- Set the default ICA certificate chain for each public OV and EV flex certificate.
- Control which ICA certificate chains certificate requestors can use to issue their flex certificate.
Configure ICA certificate chain selection
To enable ICA selection for your account, contact your account manager or our Support team. Then, in your CertCentral account, on the Product Settings page (in the left main menu, go to Settings > Product Settings), configure the default and allowed intermediates for each type of OV and EV flex certificate.
For more information and step-by-step instructions, see ICA certificate chain option for public OV and EV flex certificates.
DigiCert Services API support for ICA certificate chain selection
In the DigiCert Services API, we made the following updates to support ICA selection in your API integrations:
- Created new Product limits endpoint
Use this endpoint to get information about the limits and settings for the products enabled for each division in your account. This includes ID values for each product's default and allowed ICA certificate chains. - Added support for ICA selection to public TLS OV and EV flex certificate order requests
After you configure allowed intermediates for a product, you can select the ICA certificate chain that should issue your certificate when you use the API to submit an order request.
Pass in the ID of the issuing ICA certificate as the value for theca_cert_idparameter in the body of your order request
Example flex certificate request:
For more information about using ICA selection in your API integrations, see OV/EV certificate lifecycle – (Optional) ICA selection.
Agosto 26, 2020
DigiCert® Multi-year Plans available for all DigiCert public SSL/TLS certificates
We are happy to announce that Multi-year Plans are now available for all public SSL/TLS certificates in CertCentral. These plans allow you to pay a single discounted price for up to six years of SSL/TLS certificate coverage.
Note: Enterprise License Agreement (ELA) contracts support only 1 and 2-year Multi-year Plans. Flat Fee contracts do not support Multi-year Plans. If you have a Flat Fee contract, please contact your account manager to find a solution that works with your contract.
With Multi-year Plans, you pick the SSL/TLS certificate, the duration of coverage you want (up to six years), and the certificate validity. Until the plan expires, you reissue your certificate at no cost each time it reaches the end of its validity period. For more information, see Multi-year Plans.
DigiCert Services API changes to support Multi-year Plans
In our Services API, we updated our public SSL/TLS certificate endpoints to support ordering a certificate with a Multi-year Plan.
To each endpoint for ordering a public SSL/TLS certificate, we added new optional* request parameters. Additionally, we've updated these endpoints such that the validity period of your order no longer must match the validity period of your certificate.
- New optional cert_validity parameter
Use this parameter to define the validity period of the first certificate issued for the order. If you omit the cert_validity parameter from your request, your certificate validity defaults to the maximum validity that DigiCert and industry standards allow, or the validity period of the order, whichever is sooner. - New optional order_validity parameter*
Use this parameter to define the validity period for the order. Order validity determines the length of a Multi-year Plan. - Updated top-level validity_years, validity_days, custom_expiration_date parameters*
For existing API integrations, you can still use these existing parameters to define the validity period of the order. However, we recommend updating your integrations to use the new parameters instead. Remember, with Multi-year Plans, your order can have a different validity period than your certificate.
*Note: Requests must include a value for either the order_validity object or for one of the top-level order validity parameters: validity_years, validity_days, or custom_expiration_date. The values provided in the order_validity object override the top-level validity parameters.
These changes should not affect your current integrations. However, to maximize your SSL/TLS coverage, you may want to start purchasing your public SSL/TLS certificates with a Multi-year Plan. For API integrations, see Order Multi-year Plan.
Example certificate request with new parameters
