Industry standards change: End of 2-year public SSL/TLS certificates
On August 27, 2020, 6:00 PM MDT (August 28 00:00 UTC), DigiCert stopped issuing public DV, OV, and EV SSL/TLS certificates with a maximum validity greater than 397 days.
Now, 2-year public SSL/TLS certificate reissues have a max validity of 397 days. This means some reissued certificates will expire before the order expires. To use the remaining validity included with the original certificate, reissue certificates during the order's final 397-day period.
To learn more, see End of 2-year DV, OV, and EV public SSL/TLS certificates.
Use these instructions to reissue a GeoTrust Wildcard DV Certificate.
GeoTrust Wildcard DV Certificates use Subject Alternative Names (SANs) to let you secure one or up to 250 domains. The SANs must be a wildcard domain (*.example.com) or based off your listed wildcard domains (mail.example.com). Adding SANs to a GeoTrust Wildcard DV certificate order may incur additional cost.
A Certificate Signing Request (CSR) is required to complete the reissue order.
Create a Certificate Signing Request
To remain secure, certificates must use at least a 2048-bit key size. Need help creating a CSR? See Create a CSR (Certificate Signing Request).
In your CertCentral account, in the sidebar menu, click Certificates > Orders.
On the Orders page, use the drop-down lists, search box, advance search features (Show Advanced Search link), and column headers to find the GeoTrust Wildcard DV certificate you want to reissue.
In the certificate’s Order # column, click the Quick View link.
In the Order details pane (on the right side of the page), click the Reissue Certificate link.
Add Your CSR
We take the common name and any SANs included in your CSR and add them to the Common Name and Other Hostnames (SANs) field.
On the Reissue Certificate for Order page, use one of the options below to add your CSR.
We take the common name included in your CSR and add it to the Common Name field.
To add or change the common name, manually enter the domain you want this DV certificate to secure.
Make sure to format the common name correctly (*.example.com).
Changing the common name when reissuing a GeoTrust Wildcard DV certificate automatically revokes the original certificate and any previous reissues, unless you add the old common name as a SAN on the reissued certificate.
Other Hostnames (SANs)
We take any SANs included in your CSR and add them to the Other Hostnames (SANs) field.
Add, remove, and reorder SANs as needed so the certificate secures the domains that you want.
The SANs must be a wildcard domain (*.example.com) or based off your listed wildcard domains (mail.example.com).
Removing SANs automatically revokes the original certificate or previous reissues.
Select Payment Method
Did you add SANs to the certificate reissue order? Under Payment Information, select a payment method to pay for the certificate.
If you didn't add SANs, skip to the next step. You won't be charged for your reissue.
The Deposit link takes you to another page inside your CertCentral account. Any information entered in the request form will not be saved.
SHA-256 is the only signature hash available for DV certificates.
Select a DCV Method to Prove Control Over Your Domain
Before DigiCert can reissue your DV certificate, you must demonstrate control over the domains on your certificate order. To learn more about the available DCV Methods, see Domain Control Validation (DCV) Methods.
In the DCV verification method drop-down list, choose the DCV method you want to use to demonstrate control over the domains on the certificate order.
You must use the selected DCV method to prove control over every domain on the order.
After submitting your reissue order, you can change the DCV method from the certificate's Order # details page, if needed. (In the sidebar menu, click Certificates > Orders. On the Orders page, in the Order # column of the DV certificate order, click the order number link.)
Select the Language for the DCV Email
In the DCV Email Language drop-down list, select the language you want DCV authentication email to be sent in.
Note that this drop-down list only appears when you select Email as your DCV method.
Reason for Reissue
Add a reason for the reissue that only an Administrator can see.
These comments are not included in the certificate.
When you are finished, click Request Reissue.