RRPproxy Homepage
RRPproxy Homepage

Two-Year Certificate Phase Out

Beginning August 18, 2020, we will only be issuing SSL/TLS certificates with a life time of one-year.

The reason is an industry-wide requirement set by Apple, Google and Mozilla stating that any two-year TLS certificate issued after August 31, 2020 will be distrusted in their browsers.

As a consequence all Certificate Authorities (CAs) will start issuing publicly-trusted SSL/TLS certificates with a validity period of one year starting September 1, 2020.

To have a unified approach and because one CA is stopping offering 2-year SSL/TLS certificates on August 19, 2020 as well as our upcoming maintenance for our SSL/TLS certificate backend on August 18, 2020 we decided to stop offering 2-year SSL/TLS certificates as of August 18, 2020.

Affected are all SSL/TLS product brands we currently offer: Sectigo, DigiCert, GeoTrust, Thawte and RapidSSL.

Which certificates are affected?

Any SSL/TLS certificates that are issued on or after September 1, 2020. This includes new certificate orders as well as reissues. As a consequence only 1 year SSL/TLS certificates are offered as of September 1, 2020.

When do I need to update my server’s current SSL/TLS certificate to comply with the new 1 year limit?

If your certificate was issued before September 1, 2020, it will not be affected by this policy change. However, when a SSL/TLS certificate expires or is reissued, it should be replaced with a SSL/TLS certificate with a maximum lifespan of 1 year.

What about reissues?

The CAs always return the remaining lifetime of a SSL/TLS certificate after a reissue. Starting September 1, 2020, the remaining lifetime will not exceed 398 days to comply with the new policy. RRPproxy synchronises the remaining lifetime using CRT information provided by the CA after a reissue.

What about other non-SSL/TLS certificates?

This change only applies to public SSL/TLS certificates. Private-root and other types of certificates (e.g. Code Signing Certificates, S/MIME certificates, etc.) will be unaffected and will have the same maximum validity that they have today.

Wedomains :)