DigiCert Revocation Incident (CNAME-Based Domain Validation)

This incident has been resolved.

All identified TLS certificates impacted by the CNAME-based Domain Validation incident were revoked on Saturday, August 3, at approximately 19:30 UTC.

If you have not reissued and deployed new certificates, please do so inside your DigiCert account. More detailed information regarding this incident and the steps you need to take are provided here: https://www.digicert.com/support/certificate-revocation-incident.

All identified certificates impacted by the CNAME-based Domain Validation incident have been revoked. Customers should anticipate Certificate Revocation Lists (CRLs) and Online Certificate Status Protocol (OCSP) to reflect revoke status in the next 0-4 hours from Saturday, August 3, at 19:30 UTC.

If you have not reissued and deployed new certificates, please do so inside your DigiCert account. More detailed information regarding this incident and the steps you need to take are provided here: https://www.digicert.com/support/certificate-revocation-incident.

Thank you for working with us on reissuing your certificates that did not have proper Domain Control Verification (DCV). This message is a reminder that all impacted certificates will be revoked no later than 19:30 UTC on AUGUST 3, 2024, without exception.

If you have already reissued and deployed new certificates to replace your impacted certificates, thank you! No further action required.

If you have not reissued and deployed new certificates, you must reissue/rekey and reinstall the impacted certificates before they are revoked no later than 19:30 UTC on August 3, 2024. More detailed information regarding this incident and the steps you need to take are provided here: https://www.digicert.com/support/certificate-revocation-incident

DigiCert continues to actively engage with customers impacted by this incident and many of them have been able to replace their certificates. Some customers have applied for a delayed revocation due to exceptional circumstances and we are working with them on their individual situations. We are no longer accepting any applications for delayed revocation.

All certificates impacted by this incident, regardless of circumstances, will be revoked no later than Saturday, August 3rd 2024, 19:30 UTC.

We have an important update regarding the ongoing certificate revocation incident: https://www.digicert.com/support/certificate-revocation-incident

DigiCert has been actively engaged with customers impacted by this incident. Many of these customers have been able to replace their certificates. Unfortunately, some customers operating critical infrastructure are not in a position to have all their certificates reissued and deployed in time without critical service interruptions.

To avoid disruption to critical services, we have engaged with browser representatives alongside these customers over the last several hours. Based on these discussions, we are now in a position to delay revocations under exceptional circumstances.
If you have not replaced your certificates yet, please send an email to delayed-revocation-request@digicert.com with the following information immediately:

1. CertCentral Account ID
2. Exceptional circumstances requiring revocation delay
3. Planned completion date, no later than Saturday, August 3rd 2024, 19:30 UTC

With this information we will file a delayed revocation bug with the browsers. Unless we hear from you by Wednesday, July 31st 2024, 19:30 UTC we will assume your certificates have been replaced and revoke them.

All impacted certificate serial numbers will continue to be listed in your DigiCert portal and will be removed once revoked. All certificates impacted by this incident, regardless of circumstances, will be revoked no later than Saturday, August 3rd 2024, 19:30 UTC.

Thank you all for your support and help through this urgent issue.