Active Incident

Updated a few seconds ago

Sectigo reporting an issue with our ACME service - Certificate Lifecycle Management PlatformOperational

Incident Status

Operational

Components

Certificate Lifecycle Management Platforms

Services

SCM (cert-manager.com), SCM (hard.cert-manager.com), SCM (eu.cert-manager.com)


May 19, 2026 2:11PM UTC
MONITORING

Performance has now stabilised, and the service is operating normally for customers interacting with the ACME endpoint. The current platform status has been set to Operational, and monitoring is ongoing to ensure continued stability. We apologise for any inconvenience this may cause and appreciate your understanding and patience. If you continue to experience any further issues, please contact our Support Team for assistance.

May 19, 2026 11:51AM UTC
INVESTIGATING

We are currently investigating an issue affecting certificate issuance via our ACME service. Customers may experience increased response times when interacting with the ACME endpoint (acme.enterprise.sectigo.com), and in some cases requests may fail with timeout errors (HTTP 504). Our engineering teams are actively working to identify the cause and restore normal service as a priority. Further updates will be provided as information becomes available.

Certificate Issuing Platforms

Operational

Certificate Lifecycle Management Platforms

Operational

Certificate Revocation Platforms

Operational

Websites

Operational

Client Areas

Operational

Time Stamping

Operational

Scheduled Maintenance

Sectigo Certificate Manager (SCM) 26.5 Release is scheduled for Saturday May 23rdPlanned Maintenance

Schedule

May 23, 2026 9:00AM - 11:00AM UTC

Components

Certificate Lifecycle Management Platforms

Services

SCM (hard.cert-manager.com), SCM (eu.cert-manager.com)

Description

The SCM 26.5 release includes the following enhancements and fixes: - SCM now supports the DNS TXT Record with the Persistent Value DCV method. (SCM-13418) - Enrollment for VMC/CMC certificates has been refined; CSRs are no longer required, and the final logo can be downloaded if validation modifies it. (SCM-14111) - ACL management has been enhanced to show all applicable ACLs at each level. (SCM-9240) - ACLs can now be disabled without being deleted to help with troubleshooting access issues. (SCM-812) - New REST API resource to manage ACLs. (SCM-11054) - Improved SSL/Mark certificate enrollment wizard to show additional domain licensing information. (SCM-14160) - Certificate expiry notifications can now target a specific certificate profile for all certificate types. (SCM-14058) - Improved filtering on Azure accounts in the UI and REST API. (SCM-14237) - Improved SSL certificate REST API list/detail responses and added a new expiresIn filter. (SCM-14213) - The TTL value of DNS records can now be configured per DNS Connector. (SCM-14218) - When renewing or replacing an SSL certificate via REST API, domains included in a CSR were not sanitized in the same way as in the original request. This could result in domain mismatches being detected incorrectly. (SCM-14047) - Improved handling of the Allowed Key Types attribute on MS CA certificate profiles. All lengths shorter than the minimum key size in the ADCS template are removed. (SCM-13866) - Details about HTTP/DNS entry names needed for VMC/CMC domain validation incorrectly showed the Sectigo domains instead of the issuing CA. (SCM-14114) - Improved handling of long username/password and SSH key passphrases. The maximum supported value is now 256 characters. (SCM-14198) - The label indicating that a domain's DCV was automated via DNS Connector was not displaying correctly. (SCM-14358) - Custom fields did not appear/disappear properly on enrollment forms when they were added/removed within SCM. (SCM-14251) - Dashboard cards for certificate types were shown even when the customer and/or admin had no access to them. (SCM-14039)
Sectigo Certificate Manager (SCM) 26.5 Release is scheduled for Saturday May 23rdPlanned Maintenance

Schedule

May 23, 2026 11:00AM - 1:00PM UTC

Components

Certificate Lifecycle Management Platforms

Services

SCM (cert-manager.com)

Description

The SCM 26.5 release includes the following enhancements and fixes: - SCM now supports the DNS TXT Record with the Persistent Value DCV method. (SCM-13418) - Enrollment for VMC/CMC certificates has been refined; CSRs are no longer required, and the final logo can be downloaded if validation modifies it. (SCM-14111) - ACL management has been enhanced to show all applicable ACLs at each level. (SCM-9240) - ACLs can now be disabled without being deleted to help with troubleshooting access issues. (SCM-812) - New REST API resource to manage ACLs. (SCM-11054) - Improved SSL/Mark certificate enrollment wizard to show additional domain licensing information. (SCM-14160) - Certificate expiry notifications can now target a specific certificate profile for all certificate types. (SCM-14058) - Improved filtering on Azure accounts in the UI and REST API. (SCM-14237) - Improved SSL certificate REST API list/detail responses and added a new expiresIn filter. (SCM-14213) - The TTL value of DNS records can now be configured per DNS Connector. (SCM-14218) - When renewing or replacing an SSL certificate via REST API, domains included in a CSR were not sanitized in the same way as in the original request. This could result in domain mismatches being detected incorrectly. (SCM-14047) - Improved handling of the Allowed Key Types attribute on MS CA certificate profiles. All lengths shorter than the minimum key size in the ADCS template are removed. (SCM-13866) - Details about HTTP/DNS entry names needed for VMC/CMC domain validation incorrectly showed the Sectigo domains instead of the issuing CA. (SCM-14114) - Improved handling of long username/password and SSH key passphrases. The maximum supported value is now 256 characters. (SCM-14198) - The label indicating that a domain's DCV was automated via DNS Connector was not displaying correctly. (SCM-14358) - Custom fields did not appear/disappear properly on enrollment forms when they were added/removed within SCM. (SCM-14251) - Dashboard cards for certificate types were shown even when the customer and/or admin had no access to them. (SCM-14039)
Planned Outage Scheduled for Infrastructure Upgrades Saturday, June 6th, 2026; 9:00am UTC.Planned Maintenance

Schedule

June 6, 2026 9:00AM - 9:00PM UTC

Components

Certificate Issuing Platforms, Certificate Lifecycle Management Platforms, Websites, Client Areas

Services

Public CA, IoT Manager, SCM (cert-manager.com), SCM (hard.cert-manager.com), secure.trust-provider.com, store.sectigo.com, Private CA, S3, store.comodoca.com, store.enterprisessl.com, store.hackerguardian.com, store.instantssl.com, store.positivessl.com, store.ssl.comodoca.com, secure.sectigo.com, store.ssl247.com, Private CA - EU, SCM (eu.cert-manager.com), api.xolphin.com, https://partner.sectigo.com/

Description

As part of a long-term project to provide infrastructure that will continue to scale with growing demand, Sectigo will perform a datacenter switchover - Date: Saturday June 6th, 2026 - Start Time: 9:00am UTC (5:00 AM ET/2:00 AM PT) - End Time: 9:00 PM UTC (5:00 PM ET/2:00 PM PT) - Duration: Up to 12 hours This switchover is estimated to run approximately twelve hours, during which time some Sectigo services will be - Unavailable Services: - SCM user interface, - Sectigo’s partner ordering APIs - Issuance of new certificates. CRL and OCSP will not be affected by this maintenance. We expect all services to resume normal operation immediately after the switchover.
Sectigo has scheduled maintenance for replacing its timestamp certificate on June 17, 2026, at 09:00 UTCPlanned Maintenance

Schedule

June 17, 2026 9:00AM - 10:00AM UTC

Components

Time Stamping

Services

http://timestamp.sectigo.com

Description

Sectigo has scheduled the replacement of its Timestamp certificate on June 17, 2026, at 09:00 UTC, with an expected duration of about 60 minutes. During this maintenance, Sectigo will also migrate its timestamp services to a new CA Hierarchy, utilizing our newly established single-purpose timestamping Root CA. No outages are expected. As the new hierarchy has been cross-signed by our longstanding UserTrust Root CA, we do not anticipate any adverse effects. Affected services: http://timestamp.sectigo.com http://timestamp.entrust.net