With the passing of CA/Browser Forum Ballot SC12: Sunset of Underscores in DNSNames, the industry is retiring underscores ("_") in domain names in public SSL certificates. On January 14, 2019, your existing DigiCert certificates containing underscores will be revoked.
This ballot does not affect Private SSL certificates, nor does it affect other types of digital certificates such as Code Signing, Client, and so on.
Ballot SC12 sets some important dates for the retirement of underscores along with an important provision to help those with an urgent need to continue using underscores for a little bit longer. By May 1, 2019, industry standards mandate that Public SSL certificates must no longer secure domain names with underscores ("_").
For a limited time, CAs are allowed to issue public SSL certificates containing underscores ("_"). This provision is meant to provide you with some extra time to find a permanent migration solution.
However, there are specific guidelines in Ballot SC12 to make sure these certificates are compliant.
Wildcard Certificate Note: If the underscore is present in the left most domain label, use a wildcard certificate instead. A wildcard certificate for *.example.com secures example_domain.example.com and _example.domain.example.com.
For timelines and date specific information:
The preferred solution is to rename the hostnames (FQDNs) that contain underscores and replace the certificates. For situations where renaming is not possible, you can use private certificates and, in some cases, you can use a wildcard certificate that secures the entire domain. For more information, see Underscores not allowed in FQDNs.