CertCentral

为了让您更轻松地规划证书相关任务，我们提前预定了 2022 年维护时限。请参阅 DigiCert 2022 年预定维护 - 本页始终提供所有最新的维护计划信息。

鉴于我们客户遍布世界各地，我们知道该时间并非对每个人都“合适”。但是，在审查有关客户使用情况的数据后，我们选择了受影响的客户数量最少的时间。

关于我们的维护计划

有关这些维护时限的更多信息，请联系您的客户经理或 DigiCert 支持团队。

To simplify the domain control validation (DCV) workflow for OV and EV TLS certificates, we've improved our random value generation process for OV and EV certificate orders.

Now, when using DCV methods that require a random value to complete the domain validation for your OV or EV TLS orders, you receive a single random value that you can use to complete the DCV check for every domain on the order.

This change brings the DCV workflow for OV and EV orders into closer alignment with DV orders, which have always returned a single random value for all domains on the order.

Affected DCV methods:

To improve API workflows for clients using DCV methods that require a random value for OV and EV TLS certificate orders, we made the following enhancements to the CertCentral Services API.

{
  "id": 12345,
  "dcv_random_value": "ab12cdef345gh6i78jklmnop901qrs23",1
  "domains": [
    {
      "id": 1469,
      "name": "example.com",
      "dns_name": "example.com",
      "dcv_token": {
        "token": "ab12cdef345gh6i78jklmnop901qrs23",
        "status": "pending",
        "expiration_date": "2023-08-16T01:16:29+00:00"
      }
    },
    {
      "id": 1469,
      "name": "example.com",
      "dns_name": "sub.example.com",
      "dcv_token"2: {
        "token": "ab12cdef345gh6i78jklmnop901qrs23",
        "status": "pending",
        "expiration_date": "2023-08-16T01:16:29+00:00"
      }
    },
    {
      "id": 1470,
      "name": "example.org",
      "dns_name": "example.org",
      "dcv_token": {
        "token"3: "ab12cdef345gh6i78jklmnop901qrs23",
        "status": "pending",
        "expiration_date": "2023-08-16T01:16:29+00:00"
      }
    }
  ],
  "certificate_id": 123456
}

{
  ...
  "higher_level_domains": [
    {
      "name": "sub.example.com",
      "id": 4316203,
      "dcv_expiration_datetime": "2023-12-04T04:08:50+00:00"
    },
    {
      "name": "example.com",
      "id": 4316205,
      "dcv_expiration_datetime": "2023-12-04T04:08:49+00:00"
    }
  ],
  ...
}

https://www.digicert.com/services/v2/domain/{{domain_id}}?include_dcv=true

To give API clients access to more information about the verified contacts that exist for an organization, we added a new array to the Organization info API response: verified_contacts.

The new verified_contacts array provides a list of objects with details about each verified contact that exists for the organization. The verified_contacts array:

{
... 
 "verified_contacts": [
    {
      "id": 942858,
      "name": "Jane Doe",
      "first_name": "Jane",
      "last_name": "Doe",
      "job_title": "Site Reliability Engineer",
      "telephone": "1234567890",
      "email": "jane.doe@example.com",
      "verified_roles": [
        {
          "validation_type": "EV",
          "status": "pending"
        },
        {
          "validation_type": "CS",
          "status": "pending"
        }
      ]
    }
  ],
...
}

We fixed a bug where submitting a verified contact with multiple validation types (for example, CS and EV) caused duplicate verified contacts to be created for the organization, one for each validation type. This bug affected verified contacts submitted through the CertCentral console or through the CertCentral Services API.

Now, when you submit verified contacts with multiple validation types, we assign each validation type to the same verified contact, instead of creating a duplicate.

On December 6, 2022, at 10:00 MST (17:00 UTC), DigiCert will no longer issue EV Code Signing certificates with a permanent identifier value in the Subject Alternative Name field.

What do I need to do?

Does your EV code signing process expect to find the permanent identifier when parsing your issued EV Code Signing certificates?

Does this change affect my existing EV Code Signing certificates?

This change does not affect existing EV Code Signing certificates with a permanent identifier value in the Subject Alternative Name field. However, if you reissue an EV Code Signing certificate after the change on December 6, 2022, your reissued certificate will not contain a permanent identifier.

Background

The permanent identifier is a unique code for EV code signing certificates that includes information about the certificate subject’s jurisdiction of incorporation and registration information. In 2016, the CA/Browser Forum removed the permanent identifier requirement from EV Code Signing certificates.

Starting December 6, 2022, DigiCert will require organizations on Code Signing (CS) and EV Code Signing (EV CS) certificate orders to have a verified contact.

This change was originally scheduled for October 19, 2022. However, we postponed the change to December 6, 2022. For more information, see the October 19, 2022 change log entry.

Learn more:

DigiCert will perform scheduled maintenance on December 3, 2022, 22:00 – 24:00 MST (December 4, 2022, 05:00 – 07:00 UTC).

Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

DigiCert will perform scheduled maintenance on November 5, 2022, 22:00 –24:00 MDT (November 6, 2022, 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

We updated the Prove control over your domain popup window for pending DV orders, making it easier to see what you need to do to complete the domain validation for all domains included on your certificate.

Now, when you select a domain control validation (DCV) method, you can see basic instructions for completing the domain validation along with a link to more detailed instructions on our product documentation website.

See for yourself

Improved Prove control over your domain popup window

DigiCert is happy to announce that CertCentral allows you to upgrade your product when renewing your order.

Are you tired of placing a new order and reentering all your information when upgrading to a new product?

Now you don’t have to. We’ve improved our order renewal process so you can upgrade your product when renewing your certificate order.

Don’t see that option to upgrade your product when renewing your order, or already have the products you need and don’t want to see the option to upgrade?

Don’t worry; you can enable and disable this feature as needed. When ready to upgrade, you can enable it to save the hassle of placing a new order. When done, you can disable it until the next time you want to upgrade a product. See Upgrade product on renewal settings.

DigiCert is happy to announce that we updated the Code Signing and EV Code Signing request forms making it easier to view and add organization-related information when ordering a certificate.

This update allows you to select an organization and review the contacts associated with that organization or enter a new organization and assign contacts to the new organization.

Changes to note

Before, you could only see and select an existing organization and could not see the contacts assigned to the organization.

See for yourself

In your CertCentral account, in the left main menu, go to Request a Certificate > Code Signing or Request a Certificate > EV Code Signing to see the updates to the request forms.

When reissuing your code signing certificate, we now include the Subject Email Address on your reissued certificate. Adding a subject email is optional and only available in enterprise accounts.

Note that we will not include the subject email address in the reissued certificate if the domain validation on that email domain has expired.

Background

When you order a code signing certificate, you can include an email address on your code signing certificate—subject email. Including an email address on the certificate provides an additional layer of trust for end users when checking your code signing signature.

See 订购代码签名证书.

We are happy to announce that you can now make the Additional emails field a required field on CertCentral, Guest URL, and Guest Access request forms.

Tired of missing important expiring certificate notifications because the certificate owner is on vacation or no longer works for your organization?

The change helps prevent you from missing important notifications, including order renewal and expiring certificate notifications when the certificate owner is unavailable.

See for yourself:

To change this setting for CertCentral request forms:

To change this setting for Guest Access:

To change this setting for Guest URLs:

On October 20, 2022, the RSS feed for the docs.digicert.com change log is going down due to a platform migration.

It will return. Check back here for updates or contact us at docs@digicert.com to be notified when the new RSS feed is available.

Starting October 19, 2022, DigiCert will require organizations on Code Signing (CS) and EV Code Signing (EV CS) certificate orders to have a verified contact.

DigiCert has always required a verified contact from the organization to approve code signing certificate orders before we issue the certificate. Today, DigiCert can add a verified contact to an organization during the validation process. After October 19, verified contacts must be submitted with the organization.

To make the transition easier, when you submit a request to the Order code signing certificate API endpoint, DigiCert will default to adding the authenticated user (the user who owns the API key in the request) as a verified contact for the organization.

DigiCert will apply this default when:

To avoid a lapse in service, make sure users in your CertCentral account with active API keys have a job title and phone number.

Learn more

We are happy to announce that we updated the DigiCert site seal image and replaced the checkmark with a padlock.

The updated site seal continues to provide your customers with the assurance that your website is secured by DigiCert—the leading provider of digital trust.

In CertCentral, we reorganized and updated the look of the Code Signing and EV Code Signing certificate request forms. These forms are now more consistent with the look and flow of our TLS/SSL certificate request forms.

On the code signing request form, when adding a Subject email address to appear on the certificate, you can now see the validated domains assigned to the organization with which the code signing certificate is associated.

DigiCert will perform scheduled maintenance on October 8, 2022, 22:00 –24:00 MDT (October 9, 2022, 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

DigiCert will end support for Cipher-Block-Chaining (CBC) ciphers in TLS connections to our services on October 8, 2022, at 22:00 MDT (October 9, 2022, at 04:00 UTC).

This change affects browser-dependent services and applications relying on CBC ciphers that interact with these DigiCert services:

This change does not affect your DigiCert-brand certificates. Your certificates will continue to work as they always have.

To give you more control over your domain prevalidation workflows, we added a new optional request parameter to the Add domain API endpoint: keep_www. Use this parameter to keep the www. subdomain label when you add a domain using a domain control validation (DCV) method of email, dns-txt-token, or dns-cname-token.

By default, if you are not using file-based DCV, the Add domain endpoint always removes the www. subdomain label from the name value. For example, if you send www.example.com, DigiCert adds example.com to your account and submits it for validation.

To keep the www and limit the scope of the approval to the www subdomain, set the value of the keep_www request parameter to true:

{
  "name": "www.example.com",
  "organization": {
    "id": 12345
  },
  "validations": [
    {
      "type": "ov"
    }
  ],
  "dcv_method": "email",
  "keep_www": true
}

CertCentral supports including a revocation reason when revoking a certificate. Now, you can choose one of the revocation reasons listed below when revoking all certificates on an order or when revoking an individual certificate by ID or serial number.

Supported revocation reasons:

*Note: Selecting Key compromise does not block using the associated public key in future certificate requests. To add the public key to the blocklist and revoke all certificates with the same key, visit problemreport.digicert.com and prove possession of the key.

Revoke immediately

We also added the Revoke this certificate immediately option that allows Administrators to skip the Request and Approval process and revoke the certificate immediately. When this option is deselected, the revocation request appears on the Requests page, where an Administrator must review and approve it before it is revoked.

Background

The Mozilla root policy requires Certificate Authorities (CAs) to include a process for specifying a revocation reason when revoking TLS/SSL certificates. The reason appears in the Certificate Revocation List (CRL). The CRL is a list of revoked digital certificates. Only the issuing CA can revoke the certificate and add it to the CRL.

DigiCert will perform scheduled maintenance on September 10, 2022, 22:00 –24:00 MDT (September 11, 2022, 04:00 – 06:00 UTC). Although we have redundancies to protect your services, some DigiCert services may be unavailable during this time.

In the CertCentral Services API, we added the option to choose a revocation reason when you submit a request to revoke a TLS/SSL certificate.

You can choose a revocation reason when revoking all certificates on an order or when revoking an individual certificate by ID or serial number.

To choose a revocation reason, include the optional revocation_reason parameter in the body of your request.

Example JSON request body:

{
  "revocation_reason": "superseded"
}

For information about each revocation reason, visit the API documentation:

In the CertCentral Services API, we added a new contact_type label for verified contacts: verified_contact.

Use the verified_contact label to identify verified contacts for an organization when you submit a request for an EV TLS, Verified Mark, Code Signing, or EV Code Signing certificate. The updated label applies to all verified contacts, regardless of which product type the order is for.

For example, this JSON payload shows how to use the verified_contact label to add a verified contact to an organization in a new certificate order request:

{
  "certificate": {
    ...
  }
  "organization": {
    "id": 12345,
    "contacts": [
      {
        "contact_type": "verified_contact",
        "user_id": 12345
      }
  },
  ...
}

Note: Before this change, verified contacts were always identified with the label ev_approver. The CertCentral Services API will continue accepting ev_approver as a valid label for verified contacts on EV TLS, VMC, Code Signing, and EV Code Signing certificate orders. The verified_contact label works the same as the ev_approver label, but the name is updated to apply to all products that require a verified contact.

We updated the Order code signing certificate API documentation to describe three ways to add an organization to your Code Signing (CS) or EV Code Signing (EV CS) order requests:

Learn more: Order code signing certificate – CS and EV CS organization validation

DigiCert is happy to announce that CertCentral allows you to modify the common name and subject alternative names (SANs) on pending orders: new, renewals, and reissues.

Tired of canceling an order and placing it again because a domain has a typo? Now, you can modify the common name/SANs directly from a pending order.

Items to note when modifying SANs

See for yourself

See Edit common name and SANs on a pending TLS/SSL order: new, renewals, and reissues.

To make it easier for API clients to get the exact date and time domain validation reuse periods expire, we added new response parameters to the Domain info and List domains API endpoints:

Learn more:

Some DigiCert services will be down for about 15 minutes during scheduled maintenance on August 6, 2022, 22:00 – 24:00 MDT (August 7, 2022, 04:00 – 06:00 UTC).

To give API clients the option to hide unused certificates from API response data, we released new API endpoints to archive and restore certificates. By default, archived certificates do not appear in response data when you submit a request to the List reissues or List duplicates API endpoints.

New API endpoints

Updated API endpoints

We updated the List reissues and List duplicates endpoints to support a new optional URL query parameter: show_archived. If the value of show_archived is true, the response data includes archived certificates. If false (default), the response omits archived certificates.

Some DigiCert services will be down for a total of 20 minutes during scheduled maintenance on July 9, 2022, 22:00 – 24:00 MDT (July 10, 2022, 04:00 – 06:00 UTC).

DigiCert is happy to announce that we improved the layout and design of the Order details page.

We took your feedback and updated the Orders page to make managing your certificates and orders easier throughout their lifecycle.

When we reorganized the information on the Order details page, we didn’t remove anything. So, everything you did before the updates, you can still do now. However, there are a few things you asked for that you can do now that you couldn’t do before.

DigiCert is happy to announce that we improved the CAA resource record checking feature and error messaging for failed checks in CertCentral.

Now, on the order’s details page, if a CAA resource record check fails, we display the check’s status and include improved error messaging to make it easier to troubleshoot problems.

DigiCert is happy to announce that CertCentral bulk domain validation now supports two more domain control validation (DCV) methods: DNS TXT and DNS CNAME.

Remember, domain validation is only valid for 397 days. To maintain seamless certificate issuance, DigiCert recommends completing DCV before the domain's validation expires.

Don't spend extra time submitting one domain at a time for revalidation. Use our bulk domain revalidation feature to submit 2 to 25 domains at a time for revalidation.

DigiCert 很高兴宣布 CertCentral 报告库 API 增加了以下增强功能：

DigiCert 执行预定维护的时间为 2021 年 6 月 4 日 22:00 – 24:00 MDT（2021 年 6 月 5 日 04:00 – 06:00 UTC）。尽管我们提供了冗余以保护您的服务，但在此期间，一些 DigiCert 服务可能不可用。

更新：为了让 API 消费者有更多时间评估订单信息 API 响应变化对其集成的影响，我们将此更新推迟到了 2022年 5 月 31 日。我们原本计划在 2022 年 4 月 25 日发布以下更改。

2022 年 5 月 31 日，DigiCert 对订单信息 API 进行以下改进。这些更改删除了未使用的值，并更新了订单详情对象的数据结构，使各种产品类型的不同状态下的订单更加保持一致。

有关公共 TLS、代码签名、文档签名和 1 类 S/MIME 证书的更多信息和响应示例，请参阅订单信息端点的参考文档。

如果您对这些更改有疑问或需要帮助，请联系您的客户代表或 DigiCert 支持团队。

MDT 时间 2022 年 5 月 24 日上午 9:00 至 11:00（UTC 时间下午 3:00 至 5:00），DigiCert 将替换下列 GeoTrust 和 RapidSSL 中间 CA (ICA) 证书。我们无法再从这些中间证书颁发具有最长有效期（397 天）的 DV 证书。

请参阅 DigiCert ICA 更新知识库文章。

DigiCert 很高兴宣布我们将使用新的密钥生成服务 — KeyGen。使用 KeyGen 从浏览器生成并安装客户端和代码签名证书。KeyGen 可以在 macOS 和 Windows 上使用，并且在所有主要浏览器中均受支持。

通过 KeyGen，您不需要生成 CSR 来订购客户端和代码签名证书。在不使用 CSR 的情况下提交订单。然后，在订单处理完毕且证书准备就绪后，DigiCert 会发送一封“生成证书”的电子邮件，其中将告知您如何使用 KeyGen 获取证书。

我们修复了一个问题，即当没有用户与订单关联时，订单信息 API (GET https://www.digicert.com/services/v2/order/certificate/{{order_id}}) 为 user 字段返回错误的数据类型。现在，对于没有用户数据的订单，订单信息端点返回一个空的 user 对象 ("user": {})，而不是返回一个空数组 ("user": [])。

更新：MDT 时间 5 月 7 日（UTC 时间 5 月 8 日）的维护期间不会停机。

DigiCert 执行预定维护的时间为 2022 年 5 月 7 日 22:00 – 24:00 MDT（2022 年 5 月 8 日 04:00 – 06:00 UTC）。尽管我们提供了冗余以保护您的服务，但在此期间，一些 DigiCert 服务可能不可用。

一旦完成维护，将立即恢复服务。

我们很高兴宣布，多年期计划现在可用于 CertCentral 和 CertCentral 服务 API 中的经认证的标记证书 (VMC)。

购买 DigiCert® 多年计划，您只需支付一次优惠价就能享用长达六年的经认证的标记证书保障。通过多年期计划，您可以选择您需要的保障期（最多六年）。在计划到期前，每次在有效期满时，都可以免费补发证书。

DigiCert 很高兴宣布在 CertCentral 服务 API 中推出域锁定功能。

新的 API 端点

更新的 API 端点

我们更新了域信息和列出域端点的响应，在其中包括以下参数和域锁定详情：

有关更多信息，请参阅：

DigiCert is happy to announce our domain locking feature is now available.

Does your company have more than one CertCentral account? Do you need to control which of your accounts can order certificates for specific company domains?

Domain locking lets you control which of your CertCentral accounts can order certificates for your domains.

How does domain locking work?

DNS Certification Authority Authorization (CAA) resource records allow you to control which certificate authorities can issue certificates for your domains.

With domain locking, you can use this same CAA resource record to control which of your company's CertCentral accounts can order certificates for your domains.

How do I lock a domain?

To lock a domain:

To learn more, see:

从 MDT 时间 2022 年 4 月 5 日起，您无法再将 Symantec、GeoTrust、Thawte 和 RapidSSL 帐户升级到 CertCentral™。

如果您还没有迁移到 DigiCert CertCentral，请立即升级以维护网站安全并继续保留对证书的访问权限。

DigiCert 执行预定维护的时间为 2022 年 4 月 2 日 22:00 – 24:00 MDT（2022 年 4 月 3 日 04:00 – 06:00 UTC）。在此期间，某些服务可能会中断最多两个小时。

DigiCert 很高兴宣布，我们的批量域验证功能现已推出。无需浪费时间一次提交一个域进行重新验证。使用批量域重新验证功能，一次可提交 2 到 25 个域进行重新验证。

请记住，域验证的有效期只有 397 天。为了保持无缝的证书颁发流程，DigiCert 建议在域验证到期之前提前完成域控制验证 (DCV)。

请自行参阅

请参阅 域预验证：批量域重新验证。

从 2022 年 3 月 24 日起，当您访问 SSL 工具时，将有弹出消息告诉您 SSL 工具不再可用。欢迎您使用 DigiCert® SSL 安装诊断工具。

DigiCert Basic OV 和 EV 证书订单包括 DigiCert 网站标章。现在，您可以在 Basic SSL 证书保护的同一站点上安装 DigiCert 网站标章。网站标章向您的客户保证您的网站受 DigiCert 的保护，DigiCert 的 TLS/SSL 安全性备受赞誉。

点击网站标章时，您会看到更多关于域、组织、TLS/SSL 证书和验证的详情。

了解如何配置和安装 DigiCert 网站标章

在 CertCentral 和 CertCentral 服务 API 中，您现在可以使用 DNS CNAME 域控制验证 (DCV) 方法验证 DV 证书订单上的域。

如需在 DV 证书订单上使用 DNS CNAME DCV 方法，请执行以下操作：

了解有关 DNS CNAME DCV 方法的更多信息：

为了更轻松地找到有关 CertCentral 帐户中域的域控制验证 (DCV) 状态的信息，我们将这些响应参数添加到列出域 API 响应中的域对象中：

有关更多信息，请参阅列出域端点的参考文档：

DigiCert 执行预定维护的时间为 2022 年 3 月 5 日 22:00 – 24:00 MDT（2022 年 3 月 6 日 5:00 – 7:00 UTC）。在此期间，某些服务可能会中断最多两个小时。

在 CertCentral 和 CertCentral 服务 API 中，我们更新了 EV TLS 证书申请流程，仅向证书申请中包含的已验证的联系人发送 EV TLS 申请审批电子邮件。

将已验证的联系人添加到 EV EV TLS 证书申请中：

有关 EV TLS 证书申请的更多信息：

在 MST 时间 2022 年 2 月 12 日 22:00–24:00（UTC 时间 2022 年 2 月 13 日 05:00-07:00）进行的预定维护中，DigiCert 扩大了用于服务的 IP 地址范围。增加这些 IP 地址是为了增加服务正常运行时间，减少预定维护期间服务停机的情况。

我们更新了域信息 API 响应，使其包括与域关联的 DCV 令牌的 expiration_date 参数。现在，当您调用域信息 API 并将 include_dcv 查询参数的值设置为 true 时，响应中的 dcv_token 对象包括域 DCV 令牌的 expiration_date。

{
  ...
  "dcv_token": {
    "token": "91647jw2bx280lr5shkfsxd0pv50ahvg",
    "status": "pending",
    "expiration_date": "2022-02-24T16:25:52+00:00"
  },
  ...
}

CertCentral 管理员现在能够指定用户可以为哪些电子邮件域创建 CertCentral 帐户。使用该设置可以防止电子邮件发送到未经批准的通用电子邮件域（@ @gmail.com、@yahoo.com）或第三方拥有的域。如果用户试图将用户电子邮件地址设置或更改为未经批准的域，则会收到错误消息。

在设置 > 首选项 中找到此设置。展开高级设置，然后找到经核准的电子邮件域部分。

我们很高兴宣布 DigiCert 现在认可了另外三家知识产权局验证 VMC 证书徽标。它们分别位于韩国、巴西和印度。

新认可的商标局：

其他认可的商标局：

什么是经认证的标记证书？

经认证的标记证书 (VMC) 是一种新的证书类型，允许公司在客户收件箱的“发件人”字段旁放置经认证的品牌徽标。

进一步了解 VMC 证书。

我们修复了代码签名 (CS) 证书颁发过程中的一个错误，即我们只向已验证的 CS 联系人发送证书生成电子邮件。只有当申请人在代码签名证书请求中未提供 CSR 时，才会发生此错误。

现在，对于未提供 CSR 的订单，我们将代码签名证书生成电子邮件发送至：

在调整 DV、OV 和 EV TLS 证书配置文件的过程中，我们对 OV 和 EV TLS 证书配置文件进行了轻微更改。2022 年 1 月 25 日，我们在 OV 和 EV TLS 证书配置文件中将基本约束扩展设置为非关键。

在域页面的验证状态下拉列表中，我们更新了已完成/已验证筛选器，以便您更容易找到已完成域控制验证 (DCV) 且活跃的域。

现在，当您搜索已完成/已验证 DCV 的域时，搜索结果中只会返回已完成 DCV 且活跃的域。要查找 DCV 过期的域，请使用验证状态下拉列表中的已过期筛选器。

查找已完成 DCV 且活跃的域

对于列出域 API，我们更新了 filters[validation]=completed 筛选器，以便您更容易找到用于颁发 OV 或 EV 证书的已验证的域。

在此之前，此筛选器返回所有已完成 DCV 检查的域，包括域验证已过期的域。现在，该筛选器仅返回具有活跃的 OV 或 EV 域验证状态的域。

我们更新了域和域详细信息页面，以更加方便跟踪域的验证状态并保持更新。这些更新符合去年业内对域验证重用有效期*的更改。保持域验证的最新状态可以减少证书颁发次数，包括新证书、补发、副本和续订证书。

DigiCert 执行预定维护的时间为 2022 年 1 月 8 日 22:00 – 24:00 MDT（2022 年 1 月 9 日 05:00 – 07:00 UTC）。尽管我们提供了冗余以保护您的服务，但在此期间，一些 DigiCert 服务可能不可用。