SSL Certificates Validity Decreasing to One Year
Following industry-wide requirements, starting August 14, 2020, we will no longer support the purchase or renewal of SSL certificates for a period longer than one year. This change only applies to the certificates issued by Sectigo. Let's Encrypt certificates already have a non-changeable 90-day maximum lifespan.
The change is required to comply with Apple's new requirements. Apple announced that, as of September 1, 2020, its Safari browser will no longer trust newly issued SSL certificates with validity periods of two years. Two-year certificates registered up until August 31, 2020 will be trusted. Those registered on or after September 1, 2020 will not. Sectigo announced they will stop issuing two-year certificates on August 19.
The change is an indistry-wide shift and will affect all certificate authorities. In 2017, the maximum validity period was reduced from three years to two. In 2019, a new proposal was made to reduce the validity further, to one year, but the ballot (SC22) did not pass.
A few months later, Apple announced the decision to change Safari to distrust certificates with validity periods of longer than one year after September 2020, effectively forcing CAs to reduce the new certificate lifespan. Mozilla and Google have since adopted a similar policy.
The policy was finally formalizes in the CA/B forum ballot SC31: Certificates MUST NOT be valid for more than 398 days, and SHOULD NOT be valid for more than 397 days, with effective date September 1, 2020.
In order to facilitate the transition, we will no longer accept two-year purchase orders starting August 14, 2020.
As always, please contact us if you have any questions.
Italian software developer, a PADI scuba instructor and a former professional sommelier. I make awesome code and troll Anthony for fun and profit.
Elapsed time with Ruby, the right way
Elapsed time calculations based on Time.now are wrong. Learn why they are wrong and how to fix them.
Announcing DNSSEC General Availability
DNSimple is moving our DNSSEC out of beta and into general availability.