New Certificate Authority for custom hostnames

The following changes in Certificate Authority (CA) used to issue certificates for all Umbraco Cloud sites' for new and existing custom hostnames.

Not sure if your Cloud project is using a CAA record or not?

You can use this CAA Test to check whether a CAA record is configured on your hostname(s).

Certificates for new custom hostnames

From September 26, 2022, certificates are issued using 'Google Trust Services' instead of 'DigiCert', and Certificate validity will be decreased from 1 year to 90 days.

Certificates for existing custom hostnames

From October 31, 2022, certificate renewals will no longer use 'DigiCert' as the issuing CA. The renewed certificate will instead be issued by 'Google Trust Services', and certificate validity will be decreased from 1 year to 90 days.

No action is required unless you set a Certificate Authority Authorization (CAA) record on your domain.

From October 31, 2022, Certificate renewals will no longer use 'DigiCert' as the issuing CA. This means that you need to update your CAA record to allow 'Google Trust Services' issuing certificates for your domain.

The CAA record should be changed from:

example.com. IN CAA 0 issue "digicert.com"

example.com. IN CAA 0 issue "pki.goog"

PreviousManaging Hostnames NextRewrite rules

Last updated 6 days ago