On September 1, 2020, the industry stopped issuing 2-year public SSL/TLS certificates. The new maximum validity for public DV, OV, and EV SSL/TLS certificates is 398 days (approximately 13 months). See One-Year Public-Trust SSL Certificates: DigiCert’s Here to Help.
DigiCert stopped issuing 2-year public SSL/TLS certificates on August 27, 2020 6:00 pm MDT (August 28 00:00 UTC).
Following industry best practices, DigiCert implemented a 397-day maximum validity for all public DV, OV, and EV SSL/TLS certificates. This practice accounts for time zone differences and prevents Certificate Authorities from mis-issuing a public SSL/TLS certificate that exceeds the new 398-day maximum validity requirement.
This industry change does not affect these types of certificates:
With the new 397-day maximum certificate validity, we recommend maximizing your SSL/TLS coverage by purchasing your new public SSL/TLS certificates with a DigiCert® Multi-year Plans.
Multi-year Plans allow you to pay a single discounted price for up to six years of SSL/TLS certificate coverage. With these plans, you pick the SSL/TLS certificate, the certificate validity, and the duration of coverage you want--up to six years. To learn more, see Multi-year Plans.
Enterprise License Agreement (ELA) and Flat Fee contracts only support 1 and 2-year Multi-year Plans.
For those using the DigiCert Services API, you need to update your API workflows to account for the new maximum certificate validity of 397 days in your requests. See Services API.
Pending public SSL/TLS certificate orders with a validity greater than 397 days will automatically be converted to a Multi-year Plan.
This means:
This change doesn’t affect active 2-year certificates issued before the August 27, 2020 deadline. These certificates will continue to be trusted until they expire.
For example, on August 10, 2020, you purchase a 2-year OV SSL/TLS certificate. We issue the certificate on August 12, 2020. When the certificate nears its expiration date, instead of renewing it with another 2-year SSL/TLS certificate, you’ll need to renew it with a 1-year certificate or order a certificate from the DigiCert® Multi-year Plan.
The shortened maximum certificate lifecycle period of 397 days impacts public 2-year SSL/TLS certificates when reissued or duplicated.
The following types of actions require you to reissue a certificate:
Now when you reissue or duplicate a 2-year public SSL/TLS certificates, the new certificate will have a maximum validity of 397 days. This means some reissued certificates will expire before the order expires.
To use the remaining validity included with the order, reissue your certificates during the order's final 397-day period. You may request reissues with a validity of up to 397 days or the expiration of the order, whichever is soonest.
On August 1, 2020 (before the August 27 deadline), we issued your 2-year multi-domain certificate—this is the original certificate.
This certificate:
On November 1, 2020 (new 397-day maximum validity change implemented), you reissue the certificate.
This reissued certificate:
On January 1, 2021, you reissue the certificate.
This reissued certificate:
On April 1, 2022, you reissue the certificate a last time.
This reissued certificate:
If you need to reissue a 2-year public SSL/TLS certificate and have questions about what to expect when the certificate is reissued, please contact your account representative or our Support team before you reissue it.
You can still renew a certificate order as early as 90 days to 1 day before it expires. When you renew, DigiCert will transfer as much remaining validity as possible to the renewed certificate without exceeding the new 397-day maximum certificate validity.
Any validity that cannot be transferred directly to the certificate will be transferred to your order, and the order will be converted to a Multi-year Plan. This means your renewal order may have a longer validity than the renewal certificate.
To use the extra validity included with the renewal order, reissue the certificates during the order's final 397-day period. You may request reissues with a validity of up to 397 days or the expiration of the order, whichever is soonest.
| Order validity | Certificate renewed | Renewed certificate validity | Days remaining on order |
|---|---|---|---|
| 455 days | 90 days before order expires | 397 days (365 + 32) | 58 days |
| 425 days | 60 days before order expires | 397 days (365 + 32) | 28 days |
| 397days | 30 days before order expires | 397 days (365 + 32) | 0 days |
| 366 days | 1 day before order expires | 366 days (365 + 1) | 0 days |
| 365 days | Day order expires | 365 days | 0 days |