Deploy SSL certificates for Apps in response to Appleās ATS restrictions
Starting from December 1, 2021, domains that use file validation (HTTP) can only issue certificates for the verified domains themselves, and do not support the issuance of wildcard certificates and its sub-domain certificates.
-
Currently, the industry allows domain verification for the main domain (domain.com) only, which is suitable for wildcard certificates (such as *.domain.com or *.sub.domain.com, etc.) and all its sub-domains (such as sub.domain.com or sub2.sub1.domain.com, etc.).
-
DigiCert will, after November 15, 2021, for domains that use file authentication, only issue certificates for the validated domains themselves. For instance, if the domain.com is validated using file authentication, only domain.com can issue certificates, not *.domain.com or sub.domain.com.
-
DNS validation and email validation are not affected, and it is recommended to use DNS or email validation methods first.
DigiCert Announcement: https://knowledge.digicert.com/alerts/domain-authentication-changes-in-2021.html
GlobalSign Announcement: https://www.globalsign.com/en/blog/upcoming-changes-publicly-trusted-tls-certificates