SSL Domain revalidation will be required every 398 days
Mozilla and the CA/B Forum are reducing domain validation reuse to 398 days. This will require your customers who manage prevalidated domains to revalidate their domains each year. The policy change is expected to take effect on October 1, 2021.
SSL Domain control validation (DCV) using file-based authentication
The CA/B Forum is changing file-based domain authentication, also known as file auth, token auth, http auth, or method 18 and 19. The change will disallow the use of the file-based domain control validation method for wildcard certificates and limit the effective use of the method for subdomains. Email and DNS-based DCV methods are not affected.
Currently, the industry allows domain validation at the primary domain level ( example. com) to also apply to wildcard certificates (*. example. com) and all subdomains (support. example. com) under the validated domain. The policy change will require separate file-based validation for each fully qualified domain name. Email and DNS-based validation can still be used for wildcard certificates and reused for validation of subdomains under a validated domain. The policy change is expected to take effect at the end of 2021.
Friday, May 7, 2021