From 8195fc084bc8555ab03ecef5e9672fa741ab520d Mon Sep 17 00:00:00 2001
From: Nic <123965403+ngayerie@users.noreply.github.com>
Date: Thu, 19 Dec 2024 10:42:32 +0100
Subject: [PATCH 1/6] Update enable-universal-ssl.mdx
---
.../edge-certificates/universal-ssl/enable-universal-ssl.mdx | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
index 293117a6d4ec8ab..b99d82688a6fbef 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
@@ -54,4 +54,6 @@ Once you enable Universal SSL, you can review the [activation status](/ssl/refer
-If you are on a [partial setup](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup), make sure [Domain control validation (DCV)](/ssl/edge-certificates/changing-dcv-method/) is configured correctly. Refer to [Troubleshooting DCV](/ssl/edge-certificates/changing-dcv-method/troubleshooting/) for further help.
\ No newline at end of file
+If you are on a [partial setup](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup), make sure [Domain control validation (DCV)](/ssl/edge-certificates/changing-dcv-method/) is configured correctly. Refer to [Troubleshooting DCV](/ssl/edge-certificates/changing-dcv-method/troubleshooting/) for further help.
+
+If a valid replacement - covering some or all of the SANs in the expiring certificate - is already available, Cloudflare will remove the expiring Universal certificate in the 24 hours before expiration. There is no expected downtime due to certificate transition.
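Review bot: in the added paragraph, "covering some or all of the SANs" sits uneasily with "There is no expected downtime". If the replacement covers only some of the SANs, the paragraph does not say what serves the hostnames it leaves uncovered once the expiring Universal certificate is removed. Suggest scoping the no-downtime statement to hostnames covered by the replacement, and stating what happens when no valid replacement is available.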
From d9842c38b51b0e65bf0e1a9121be28244e5fc9de Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Thu, 26 Dec 2024 10:20:51 +0000
Subject: [PATCH 2/6] Replace added paragraph by link out to
cert-validity-periods
---
.../edge-certificates/universal-ssl/enable-universal-ssl.mdx | 4 ++--
src/content/partials/ssl/universal-ssl-validity.mdx | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
index b99d82688a6fbef..5431ac8fc38859a 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
@@ -54,6 +54,6 @@ Once you enable Universal SSL, you can review the [activation status](/ssl/refer
+:::note[Partial setup and DCV]
If you are on a [partial setup](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup), make sure [Domain control validation (DCV)](/ssl/edge-certificates/changing-dcv-method/) is configured correctly. Refer to [Troubleshooting DCV](/ssl/edge-certificates/changing-dcv-method/troubleshooting/) for further help.
-
-If a valid replacement - covering some or all of the SANs in the expiring certificate - is already available, Cloudflare will remove the expiring Universal certificate in the 24 hours before expiration. There is no expected downtime due to certificate transition.
+:::
\ No newline at end of file
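Review bot: the file now ends at the closing `:::` with no trailing newline, which undoes the newline PATCH 1/6 added to this file. Suggest ending the file with a newline after `:::` so that the next append to this page does not also show the last line as changed.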
diff --git a/src/content/partials/ssl/universal-ssl-validity.mdx b/src/content/partials/ssl/universal-ssl-validity.mdx
index 6b2e03f56063a20..44f2f10c1971327 100644
--- a/src/content/partials/ssl/universal-ssl-validity.mdx
+++ b/src/content/partials/ssl/universal-ssl-validity.mdx
@@ -7,4 +7,4 @@ For Universal certificates, Cloudflare controls the validity periods and certifi
Universal certificates issued by Let's Encrypt, Google Trust Services, or SSL.com have a 90-day validity period. Cloudflare no longer uses DigiCert for newly issued Universal certificates and, for existing ones, the validity period is being adjusted from one year to 90 days.
-For 90-day certificates, the auto renewal period starts 30 days before expiration.
\ No newline at end of file
+For 90-day certificates, the auto renewal period starts 30 days before expiration. For details, refer to [Validity periods and renewal](/ssl/reference/certificate-validity-periods//#failure-to-renew-and-certificate-replacement).
\ No newline at end of file
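Review bot: the link target on the added line contains a double slash before the fragment, `/ssl/reference/certificate-validity-periods//#failure-to-renew-and-certificate-replacement`. Suggest a single slash, `/ssl/reference/certificate-validity-periods/#failure-to-renew-and-certificate-replacement`, to match the other internal links in this file.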
From 0948d1d9024959b543e09ffd95f18a77b128b7ed Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Thu, 26 Dec 2024 10:21:59 +0000
Subject: [PATCH 3/6] Adjust note on cert-authorities reference page for
conciseness
---
src/content/docs/ssl/reference/certificate-authorities.mdx | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/content/docs/ssl/reference/certificate-authorities.mdx b/src/content/docs/ssl/reference/certificate-authorities.mdx
index 9aa42865ed4bc41..655259833857a7c 100644
--- a/src/content/docs/ssl/reference/certificate-authorities.mdx
+++ b/src/content/docs/ssl/reference/certificate-authorities.mdx
@@ -29,10 +29,10 @@ For publicly trusted certificates, Cloudflare partners with different certificat
-## Features, limitations and browser compatibility
+## Features, limitations, and browser compatibility
:::caution[Universal SSL]
-
+For Universal certificates, Cloudflare controls the validity periods and certificate authorities (CAs), making sure that renewal always occur. For details, refer to [Universal SSL](/ssl/edge-certificates/universal-ssl/).
:::
***
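Review bot: subject-verb agreement in the added caution text, "making sure that renewal always occur". Suggest "making sure that renewal always occurs". The same sentence appears verbatim in `src/content/partials/ssl/universal-ssl-validity.mdx`, so fix it there as well, or render the partial here instead of keeping a second copy that can drift.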
From 92dead1fe40bc354f0b078ceb2a274b07c108c29 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Thu, 26 Dec 2024 10:30:44 +0000
Subject: [PATCH 4/6] Fix page linking to itself
---
.../edge-certificates/universal-ssl/enable-universal-ssl.mdx | 2 ++
src/content/partials/ssl/universal-ssl-validity.mdx | 2 +-
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
index 5431ac8fc38859a..8db71d0850f5cf9 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
@@ -54,6 +54,8 @@ Once you enable Universal SSL, you can review the [activation status](/ssl/refer
+ For details, refer to [Validity periods and renewal](/ssl/reference/certificate-validity-periods/#failure-to-renew-and-certificate-replacement).
+
:::note[Partial setup and DCV]
If you are on a [partial setup](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup), make sure [Domain control validation (DCV)](/ssl/edge-certificates/changing-dcv-method/) is configured correctly. Refer to [Troubleshooting DCV](/ssl/edge-certificates/changing-dcv-method/troubleshooting/) for further help.
:::
\ No newline at end of file
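Review bot: the added line starts with a leading space (`+ For details, refer to ...`), unlike every other paragraph in this file. Unless it is meant to continue the preceding line, drop the space. The sentence also has no visible antecedent for "details" in this hunk, so consider naming the topic, for example "For details on renewal, refer to ...".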
diff --git a/src/content/partials/ssl/universal-ssl-validity.mdx b/src/content/partials/ssl/universal-ssl-validity.mdx
index 44f2f10c1971327..6b2e03f56063a20 100644
--- a/src/content/partials/ssl/universal-ssl-validity.mdx
+++ b/src/content/partials/ssl/universal-ssl-validity.mdx
@@ -7,4 +7,4 @@ For Universal certificates, Cloudflare controls the validity periods and certifi
Universal certificates issued by Let's Encrypt, Google Trust Services, or SSL.com have a 90-day validity period. Cloudflare no longer uses DigiCert for newly issued Universal certificates and, for existing ones, the validity period is being adjusted from one year to 90 days.
-For 90-day certificates, the auto renewal period starts 30 days before expiration. For details, refer to [Validity periods and renewal](/ssl/reference/certificate-validity-periods//#failure-to-renew-and-certificate-replacement).
\ No newline at end of file
+For 90-day certificates, the auto renewal period starts 30 days before expiration.
\ No newline at end of file
From 4937e2cebd70245facdb86d1656168244d379a85 Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Thu, 26 Dec 2024 11:02:48 +0000
Subject: [PATCH 5/6] Clarify info on cert-validity-periods and add link from
ACM
---
.../manage-certificates.mdx | 6 ++++++
.../certificate-validity-periods.mdx | 20 +++++++++----------
2 files changed, 16 insertions(+), 10 deletions(-)
diff --git a/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx b/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx
index 7ea0302ca6c97c5..944942365b5f2a1 100644
--- a/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx
+++ b/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx
@@ -107,3 +107,9 @@ You can configure alerts to receive notifications for changes in your certificat
/>
+
+---
+
+## Advanced certificate renewal
+
+The certificate validity period you choose determines when the auto renewal will start for your certificate. For details, refer to [Validity period and renewal](/ssl/reference/certificate-validity-periods/).
\ No newline at end of file
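Review bot: the link text in the new "Advanced certificate renewal" section reads "Validity period and renewal", while the links added to `enable-universal-ssl.mdx` in this series use "Validity periods and renewal". Suggest using one form throughout. Since this section is about advanced certificates, the link could also point at `/ssl/reference/certificate-validity-periods/#advanced-certificates`, the anchor the removed text in this same commit used, rather than the page root.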
diff --git a/src/content/docs/ssl/reference/certificate-validity-periods.mdx b/src/content/docs/ssl/reference/certificate-validity-periods.mdx
index 411922315ce5c2d..697d0da6b7ebb82 100644
--- a/src/content/docs/ssl/reference/certificate-validity-periods.mdx
+++ b/src/content/docs/ssl/reference/certificate-validity-periods.mdx
@@ -13,13 +13,21 @@ description: Review information about available validity periods for your
import { Render } from "~/components"
+For certificates managed by Cloudflare, attempts to renew start at the auto renewal period and continue up until 24 hours before expiration. The auto renewal period varies according to the certificate validity period, as explained in the sections below.
+
+If a certificate fails to renew and another valid certificate exists for the hostname, Cloudflare will deploy the valid certificate within the last 24 hours before expiration.
+
+:::note
+For information regarding custom certificates (managed by you), consider this other page on [renewal and expiration](/ssl/edge-certificates/custom-certificates/renewing/).
+:::
+
## Universal SSL
## Advanced certificates
-When you order an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/), you can select the following values for the **Certificate validity period**:
+When you order an [advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/), you can select different certificate validity periods. Each certificate validity period has a corresponding auto renewal period, when [attempts to renew](/ssl/reference/certificate-validity-periods/) will start.
| Certificate validity period | Auto renewal period | Notes |
| --------------------------- | ------------------- | -------------------------------------------------------------------------------------- |
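Review bot: in the rewritten "Advanced certificates" paragraph, `[attempts to renew](/ssl/reference/certificate-validity-periods/)` links to the page it is on, the same problem PATCH 4/6 was written to fix elsewhere. Suggest plain text, or a reference such as "as described at the top of this page". The new intro also covers only the case where another valid certificate exists for the hostname; it would help to say what happens when none does.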
@@ -44,12 +52,4 @@ First, shorter-lived certificates limit the damage from key compromise and mista
Second, shorter certificates encourage automation. The more frequently you have to do a task, the more likely you will want to automate it. Automation also means that you are less likely to let a certificate expire in production or give a person access to key material.
-For more details on the benefits of shorter validity periods, refer to our [blog post introducing Advanced Certificate Manager](https://blog.cloudflare.com/advanced-certificate-manager/).
-
-## Failure to renew and certificate replacement
-
-For certificates managed by Cloudflare, attempts to renew start at the auto renewal period (based on the [different validity periods](/ssl/reference/certificate-validity-periods/#advanced-certificates)) and continue up until 24 hours before expiration.
-
-If a certificate fails to renew and another valid certificate exists for the hostname, Cloudflare will deploy the valid certificate within these last 24 hours.
-
-For information regarding custom certificates (managed by you), consider this other page on [renewal and expiration](/ssl/edge-certificates/custom-certificates/renewing/).
+For more details on the benefits of shorter validity periods, refer to our [blog post introducing Advanced Certificate Manager](https://blog.cloudflare.com/advanced-certificate-manager/).
\ No newline at end of file
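Review bot: removing the "## Failure to renew and certificate replacement" heading drops the `#failure-to-renew-and-certificate-replacement` anchor that `enable-universal-ssl.mdx` links to since PATCH 4/6, and that link is only corrected in PATCH 6/6. Suggest updating the inbound link in this commit so that each commit in the series leaves the docs free of broken anchors.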
From b515fede4a16618bf0a0a67d8142484275f1a61c Mon Sep 17 00:00:00 2001
From: Rebecca Tamachiro
Date: Thu, 26 Dec 2024 11:04:40 +0000
Subject: [PATCH 6/6] Fix broken anchor and bring DCV note into USSL validity
partial
---
.../universal-ssl/enable-universal-ssl.mdx | 6 +-----
src/content/partials/ssl/universal-ssl-validity.mdx | 4 ++++
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
index 8db71d0850f5cf9..182ddd0e0f2ec5a 100644
--- a/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
+++ b/src/content/docs/ssl/edge-certificates/universal-ssl/enable-universal-ssl.mdx
@@ -54,8 +54,4 @@ Once you enable Universal SSL, you can review the [activation status](/ssl/refer
- For details, refer to [Validity periods and renewal](/ssl/reference/certificate-validity-periods/#failure-to-renew-and-certificate-replacement).
-
-:::note[Partial setup and DCV]
-If you are on a [partial setup](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup), make sure [Domain control validation (DCV)](/ssl/edge-certificates/changing-dcv-method/) is configured correctly. Refer to [Troubleshooting DCV](/ssl/edge-certificates/changing-dcv-method/troubleshooting/) for further help.
-:::
\ No newline at end of file
+ For details, refer to [Validity periods and renewal](/ssl/reference/certificate-validity-periods/).
\ No newline at end of file
diff --git a/src/content/partials/ssl/universal-ssl-validity.mdx b/src/content/partials/ssl/universal-ssl-validity.mdx
index 6b2e03f56063a20..1e93a94e9cd8a9a 100644
--- a/src/content/partials/ssl/universal-ssl-validity.mdx
+++ b/src/content/partials/ssl/universal-ssl-validity.mdx
@@ -5,6 +5,10 @@
For Universal certificates, Cloudflare controls the validity periods and certificate authorities (CAs), making sure that renewal always occur.
+:::note[Partial setup and DCV]
+If you are on a [partial setup](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup), make sure [Domain control validation (DCV)](/ssl/edge-certificates/changing-dcv-method/) is configured correctly. Refer to [Troubleshooting DCV](/ssl/edge-certificates/changing-dcv-method/troubleshooting/) for further help.
+:::
+
Universal certificates issued by Let's Encrypt, Google Trust Services, or SSL.com have a 90-day validity period. Cloudflare no longer uses DigiCert for newly issued Universal certificates and, for existing ones, the validity period is being adjusted from one year to 90 days.
For 90-day certificates, the auto renewal period starts 30 days before expiration.
\ No newline at end of file
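Review bot: the "Partial setup and DCV" note is inserted between the sentence on who controls validity periods and the paragraph giving the 90-day figures, which splits the validity discussion in two. Suggest placing the note after the final line ("For 90-day certificates, the auto renewal period starts 30 days before expiration.") so the validity and renewal text reads continuously. The context line above the note still reads "renewal always occur" and could be corrected to "occurs" while this partial is being touched.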