SSL Certificates Validity Decreasing to One Year
Following industry-wide requirements, starting August 14, 2020, we will no longer support the purchase or renewal of SSL certificates for a period longer than one year. This change only applies to the certificates issued by Sectigo. Let's Encrypt certificates already have a non-changeable 90-day maximum lifespan.
The change is required to comply with Apple's new requirements. Apple announced that, as of September 1, 2020, its Safari browser will no longer trust newly issued SSL certificates with validity periods of two years. Two-year certificates registered up until August 31, 2020 will be trusted. Those registered on or after September 1, 2020 will not. Sectigo announced they will stop issuing two-year certificates on August 19.
The change is an indistry-wide shift and will affect all certificate authorities. In 2017, the maximum validity period was reduced from three years to two. In 2019, a new proposal was made to reduce the validity further, to one year, but the ballot (SC22) did not pass.
A few months later, Apple announced the decision to change Safari to distrust certificates with validity periods of longer than one year after September 2020, effectively forcing CAs to reduce the new certificate lifespan. Mozilla and Google have since adopted a similar policy.
The policy was finally formalizes in the CA/B forum ballot SC31: Certificates MUST NOT be valid for more than 398 days, and SHOULD NOT be valid for more than 397 days, with effective date September 1, 2020.
In order to facilitate the transition, we will no longer accept two-year purchase orders starting August 14, 2020.
As always, please contact us if you have any questions.
Italian software developer, a PADI scuba instructor and a former professional sommelier. I make awesome code and troll Anthony for fun and profit.
We think domain management should be easy.
That's why we continue building DNSimple.
4.3 out of 5 stars.
Based on Trustpilot.com and G2.com reviews.
The Top DNS Servers And What They Offer
There are a lot of DNS Servers out there. We're looking at some of the top ones here and comparing their features and why some are chosen
Two years of squash merge
A retrospective of the last two years where we adopted --squash as our default merge strategy for git branches.