Sectigo AddTrust Root Expiration
On May 30th, 2020, two chain certificates from the Sectigo (formerly Comodo CA) trust store expired. Modern browsers and systems should use the new chain file replacements automatically, so changes may not be required. However, in cases where the full Certificate Authority chain is installed locally, or your web server is accessed by older systems that do not have the newest root installed, the root certificate will need to be replaced on your server to avoid errors or browser warnings.
You can find the full list of chain file options below, and you will want to implement the files that match your order validation type.
In some cases, it can be easier to reissue your SSL certificate and install the new file provided on your server to automatically chain with the newest intermediate and root certificates.
SSL
Domain Validation
[Download] Sectigo RSA Domain Validation Secure Server CA [Intermediate]
[Download] USERTrust RSA Root xSigned using AAA CA [Cross Signed]
(Or)
[Download] Sectigo RSA DV Bundle [Intermediate + Cross Signed]
Organization Validation
[Download] Sectigo RSA Organization Validation Secure Server CA [Intermediate]
[Download] USERTrust RSA Root xSigned using AAA CA [Cross Signed]
(Or)
[Download] Sectigo RSA OV Bundle [Intermediate + Cross Signed]
Extended Validation
[Download] Sectigo RSA Extended Validation Secure Server CA [Intermediate]
[Download] USERTrust RSA Root xSigned using AAA CA [Cross Signed]
(Or)
[Download] Sectigo RSA EV Bundle [Intermediate + Cross Signed]
Code Signing
Standard (Organization or Individual Validation) [Download] Sectigo RSA Code Signing CA
EV Code Sign [Download] Sectigo RSA Extended Validation Code Signing CA
Secure Email
[Download] Sectigo RSA Client Authentication and Secure Email CA
Root Certificates
[Download] SHA-2 Root : USERTrust RSA Certification Authority
[Download] SHA-1 Root*: AddTrust External CA Root [expires after May 30, 2020]