Knowledge Base

If you use TLS certificates issued from these root hierarchies and require Google Chrome trust, action may be required before July 1, 2026. TLS certificates issued from these root hierarchies before July 1, 2026, remain trusted until they expire. Code Signing certificates issued from these root hierarchies are not affected because they do not rely on browser trust.

Google has announced changes to how Certificate Transparency (CT) log lists are published and maintained.

Starting June 1, 2026, DigiCert will log all public TLS certificates, including canaries and test certificates, to at least one certificate transparency (CT) log.

To enhance digital trust, DigiCert will align our root strategy with the evolving industry standards for issuing public TLS/SSL.

During domain control validation (DCV), DigiCert performs checks from multiple globallocations using our MPIC (Multi-Perspective Issuance Corroboration) agents. In somecases, these validation attempts fail or produce inconsistent results.

On October 1, 2026, DigiCert will discontinue discovery and managed automation in CertCentral.

Stay up to date with your certificate activity by connecting your Slack Workspace DigiCert ONE’s Notification Center.

On March 3, 2026, DigiCert will start validating Domain Name System Security Extensions (DNSSEC), if present, during domain control validation and DNS Certification Authority Authorization (CAA) checks.