Starting on November the 15th 2021, you won’t be able to use file-based authentication for wildcard certificates. Instead, you’ll need to use DNS or email-based authentication.
DCV changes for both DigiCert and Sectigo are effective Monday, Nov. 15, 2021. This means that any certificates issued before Nov. 14 will still work as they always have in terms of DCV methods.
So, what does this mean for businesses whose certificate issuers decide to roll out these changes ahead of the Dec. 1 deadline? Let’s illustrate how these changes will affect DCV for various SAN/FQDNs based on the CAs’ Nov. 15 rollout date:
| Certificate & Domain Coverage | Validation Before Nov. 15 | Validation After Nov. 15 |
|---|---|---|
| Certificate for the wildcard *.example.com | Allows for the use of any of the three validation methods, including file-based validation | Requires the use of either the DNS- or email-based domain validation method |
| A certificate with SANs for example.com and email.example.com | Allows for the use of any of the three validation methods, including file-based validation | Requires the use of either the DNS or email-based validation, OR complete file-based validation for each SAN domain individually |
