Sectigo

Certificate Issuing Platforms

Operational

Certificate Lifecycle Management Platforms

Operational

Certificate Revocation Platforms

Operational

Certificate Transparency

Operational

Websites

Planned Maintenance

Client Areas

Planned Maintenance

Time Stamping

Operational

Scheduled Maintenance

Upcoming Change: DNSSEC Validation Enforcement for DCV & CAA (Effective March 11, 2026)Planned Maintenance

Schedule

March 11, 2026 2:00PM - 2:00PM UTC

Components

Certificate Issuing Platforms, Certificate Lifecycle Management Platforms, Websites, Client Areas

Locations

www.sectigo.com, www.comodoca.com, ssl.comodo.com, www.instantssl.com, www.positivessl.com, www.enterprisessl.com, Public CA, SCM (cert-manager.com), SCM (hard.cert-manager.com), secure.trust-provider.com, store.sectigo.com, www.trustlogo.com, https://comodoca.my.salesforce.com, https://comodocacommunity.force.com/s/login/, store.comodoca.com, store.enterprisessl.com, store.instantssl.com, store.positivessl.com, store.ssl.comodoca.com, secure.sectigo.com, acme.sectigo.com, store.ssl247.com, SCM (eu.cert-manager.com), www.ssl247.com, www.xolphin.com, api.xolphin.com, https://partner.sectigo.com/

Description

Starting March 11, 2026, Sectigo will enforce DNSSEC validation during Domain Control Validation (DCV) and CAA checks as part of CA/Browser Forum compliance changes. • DNSSEC remains optional. • If DNSSEC is enabled for your domain, it must validate successfully for DCV/CAA checks to succeed. • If DNSSEC validation fails (e.g., SERVFAIL), Sectigo must pause certificate issuance/reissuance until the issue is resolved, which may cause issuance delays. Recommended action: If you use DNSSEC, review and maintain your DNSSEC configuration (including key rollovers) to ensure consistent validation. For details, visit: Sectigo Compliance Update Hub https://www.sectigo.com/dcv-industry-compliance-changes FAQ https://www.sectigo.com/faq-dcv-industry-compliance-changes

March 5, 2026 8:15AM UTC

UPDATE

Starting March 11, 2026, Sectigo will enforce DNSSEC validation during Domain Control Validation (DCV) and CAA checks as part of CA/Browser Forum compliance changes. • DNSSEC remains optional. • If DNSSEC is enabled for your domain, it must validate successfully for DCV/CAA checks to succeed. • If DNSSEC validation fails (e.g., SERVFAIL), Sectigo must pause certificate issuance/reissuance until the issue is resolved, which may cause issuance delays. Recommended action: If you use DNSSEC, review and maintain your DNSSEC configuration (including key rollovers) to ensure consistent validation. For details, visit: Sectigo Compliance Update Hub sectigo.com/dcv-industry-compliance-changes FAQ sectigo.com/faq-dcv-industry-compliance-changes

StatusHistory

Powered by Status.io

Scheduled Maintenance

Upcoming Change: DNSSEC Validation Enforcement for DCV & CAA (Effective March 11, 2026)Planned Maintenance

Subscribe to receive status updates by email

Subscribe to receive status updates by webhook

Subscribe to receive status updates via RSS