Sectigo's legacy AddTrust External CA Root certificate expired on May 30, 2020.
Modern clients should largely be unaffected. Devices that received security updates after mid 2015 should have the modern USERTrust RSA Certification Authority root certificate (valid until Jan 2038) in their operating system or browser truststores and should be largely unaffected.
Legacy devices that have not received updates to support newer roots will also likely to be missing other essential security updates and support for standards required by the modern Internet. We strongly encourage decommissioning these devices if their software cannot be upgraded. Non-upgraded, legacy devices should never be exposed to the Internet and special mitigations should be applied to isolate them from neighbor systems.
Please note, the SSL certificate itself is active and modern devices and browsers do not show and would not show any error.
What to do if you faced any issues?
Remove the expired AddTrust External CA file from your server and replace it with the latest one. You can download the latest files from Client Area / API in a ZIP file or CRT format.
DV ECC | Download Sectigo ECC DV Bundle |
DV RSA | Download Sectigo RSA DV Bundle |
OV ECC | Download Sectigo OV ECC Bundle |
OV RSA | Download Sectigo OV RSA Bundle |
EV ECC | Download Sectigo EV ECC Bundle |
EV RSA | Download Sectigo EV RSA Bundle |
If you have any questions, please review the official announcement from Sectigo.