Apple announced at the 49th CA/Browser Forum Face-to-Face that it will limit the term of accepted SSL certificates to 398 days as of September 1, 2020. Certificates issued on or after that date with term beyond 398 days will be distrusted in Apple products.
To Tackle this issue, Comodo (Sectigo) has decided to limit the maximum validity of an SSL Certificate to a maximum of 398 days. To accommodate this change, we have decided to leverage the multi-year subscription certificate (Subscription SSL) created by Comodo (Sectigo).
What happens to SSL certificates Issued Prior of September 1st, 2020?
Any SSL certificate issued prior to Sept. 1, 2020 is not affected by this change. They’ll remain valid for the entire two-year period and no action is required for these certificates.
What happens to Certificates issued on and after September 1st, 2020?
Since SSL Certificates can now have a maximum tenure of 398 days only, if a customer purchases a 2 year SSL Certificate, they will initially be issued a certificate with a validity of 398 days. When this validity is about to expire, you need to re-issue the certificate to extend its validity to another 398 days or the order expiration date (whichever is lower).
Note: Re-issuing a certificate should also be followed by re-installing a certificate.
Example: If a customer purchases 2-year SSL Certificate on September 1st 2020 and issues the certificate on September 2nd, 2020, their certificate will have an expiration date of October 4th, 2021 (398 days after issuance) while their order will have a validity of 2 years with expiration date of September 2nd, 2022.
In order to continue enjoying your SSL benefits, the customer will need to submit a request for re-issuing the certificate before October 4th, 2021 by sending us a CSR. Suppose they send a re-issue request on October 1st 2021. Upon validation, a new certificate would be issued with 397 day validity expiring on September 2nd, 2021 (Their order expiration date)
Can the customer do an early re-issue for a 2 year SSL Certificate?
Yes, the customer can re-issue the certificate anytime. The new Certificate comes with an extended validity period of 398 days or order expiration date (whichever is earlier).
Example: If the customer purchases a 2-year SSL Certificate on September 1st 2020 and issues the certificate on September 2nd, 2020, their certificate will have an expiration date of October 4th, 2021 (398 days after issuance) while their order has a validity of 2 years with expiration date of September 2nd, 2022.
Suppose they need to re-issue your certificate early for any reason and say they place their reissue request on January 1st 2021. Upon validation, a new certificate would be issued with 398 day validity expiring on February 2nd, 2022. Before February 2nd, 2022 they can place another re-issue request to further extend their Certificate’s validity till September 2nd, 2022 ( their order expiration date).
Does Domain Control Validation (DCV) Occur at each reissue?
Yes, DCV occurs each time a new certificate is re-issued which will need to happen at least once every 398 days.
Will I be sent a reminder to re-issue a certificate at the end of 398 days?
Yes, a reminder will be sent on the customer’s registered email address when their validity of 398 days for their 2 year SSL Certificate is about to expire.
Also, their order management page will show a notification about your certificate expiry.
How will the renewal of the 2 year SSL Certificate work now?
The customer can place a renewal request for your 2 year SSL Certificate 30 days prior to your order expiry.