diff --git a/public/_redirects b/public/_redirects
index d2eb039c758e2db..09d1a248ab75313 100644
--- a/public/_redirects
+++ b/public/_redirects
@@ -1010,6 +1010,7 @@
/ssl/certificate-transparency-monitoring/ /ssl/edge-certificates/additional-options/certificate-transparency-monitoring/ 301
/ssl/client-certificates/byo-ca-api-shield/ /ssl/client-certificates/byo-ca/ 301
/ssl/edge-certificates/certificate-transparency-monitoring/ /ssl/edge-certificates/additional-options/certificate-transparency-monitoring/ 301
+/ssl/edge-certificates/changing-dcv-method/methods/email/ /ssl/edge-certificates/changing-dcv-method/methods/ 301
/ssl/edge-certificates/custom-certificates/caa-records/ /ssl/edge-certificates/caa-records/ 301
/ssl/edge-certificates/disable-weak-cipher-suites/ /ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/ 301
/ssl/edge-certificates/http-strict-transport-security/ /ssl/edge-certificates/additional-options/http-strict-transport-security/ 301
@@ -1021,6 +1022,8 @@
/ssl/reference/cipher-suites/custom-certificates/ /ssl/edge-certificates/custom-certificates/#certificate-packs 301
/ssl/reference/cipher-suites/matching-on-origin/ /ssl/origin-configuration/cipher-suites/#match-on-origin 301
/ssl/reference/migration-guides/lets-encrypt-chain/ /ssl/reference/certificate-authorities/#lets-encrypt 301
+/ssl/reference/migration-guides/dcv-update/ /ssl/reference/migration-guides/ 301
+/ssl/reference/migration-guides/digicert-update/ /ssl/reference/migration-guides/ 301
/ssl/reference/validation-backoff-schedule/ /ssl/edge-certificates/changing-dcv-method/validation-backoff-schedule/ 301
/ssl/universal-ssl/changing-dcv-method/ /ssl/edge-certificates/changing-dcv-method/ 301
/support/dns/how-to/certification-authority-authorization-caa-faq/ /ssl/edge-certificates/troubleshooting/caa-records/ 301
@@ -1039,6 +1042,9 @@
/cloudflare-for-platforms/cloudflare-for-saas/domain-support/worker-as-origin/ /cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/worker-as-origin/ 301
/cloudflare-for-platforms/cloudflare-for-saas/start/hostname-verification-backoff-schedule/ /cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/backoff-schedule/ 301
/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-verification/ /cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/ 301
+/cloudflare-for-platforms/cloudflare-for-saas/reference/status-codes/certificate-authority-specific/ /cloudflare-for-platforms/cloudflare-for-saas/reference/status-codes/ 301
+/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/cname/ /cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/ 301
+/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/email/ /cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/ 301
# workers for platforms
/cloudflare-for-platforms/workers-for-platforms/learning/ /cloudflare-for-platforms/workers-for-platforms/reference/ 301
@@ -1791,6 +1797,7 @@
/rules/url-forwarding/dynamic-redirects/* /rules/url-forwarding/single-redirects/:splat 301
/ssl/ssl-tls/* /ssl/reference/:splat 301
/ssl/reference/cipher-suites/* /ssl/edge-certificates/additional-options/cipher-suites/:splat 301
+/ssl/reference/migration-guides/digicert-update/* /ssl/reference/migration-guides/ 301
/support/account-management-billing/billing-cloudflare-add-on-services/* https://www.cloudflare.com/plans/ 301
/tenant/tutorial/* /tenant/get-started/ 301
/waf/managed-rulesets/* /waf/managed-rules/:splat 301
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/status-codes/certificate-authority-specific.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/status-codes/certificate-authority-specific.mdx
deleted file mode 100644
index d943c09e04a60d3..000000000000000
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/reference/status-codes/certificate-authority-specific.mdx
+++ /dev/null
@@ -1,47 +0,0 @@
----
-pcx_content_type: reference
-title: Certificate authority specific
-sidebar:
- order: 4
-
----
-
-Certain certificate authorities have specific error codes.
-
-## DigiCert
-
-These codes are rooted on the `/v4/zones/:zone_id/custom_hostnames` API endpoint. They will be reported in the `validation_errors` attribute of the ssl attribute for a `custom_hostname` resource.
-
-### pending\_validation errors
-
-* **HTTP Status Code:** 201 Created on POST; 202 Accepted on PATCH; 200 OK on GET
- * **Error:** %s reported as potential risk: google\_safe\_browsing
- * **Status:** pending\_validation
- * **Reason:** Google maintains a list of URLs that contain malware or phishing. If the domain submitted for validation matches any domain in a Google URL, it will fail the risk check.
-
-* **HTTP Status Code:** 201 Created on POST; 202 Accepted on PATCH; 200 OK on GET
- * **Error:** %s reported as potential risk: risky\_keywords
- * **Status:** pending\_validation
- * **Reason:** Risky Keywords are a set of DigiCert Rules for domains that have potential risk to us or our customers. If the domain submitted for validation matches any of the risky keyword rules it will fail the risk check. (some example rules: "contains google.com", "ends with amazon.com", "equals bing.com")
-
-* **HTTP Status Code:** 201 Created on POST; 202 Accepted on PATCH; 200 OK on GET
- * **Error:** %s reported as potential risk: phishtank
- * **Status:** pending\_validation
- * **Reason:** Phishtank maintains a list of URLs that contain malware or phishing. If the domain submitted for validation matches any domain in a Phishtank URL, it will fail the risk check.
-
-* **HTTP Status Code:** 201 Created on POST; 202 Accepted on PATCH; 200 OK on GET
- * **Error:** Domain validation failed for %s
- * **Status:** pending\_validation
- * **Reason:** Could be multiple reasons, with the most common reason being that the DCV tokens have expired.
-
-### pending\_issuance errors
-
-* **HTTP Status Code:** 201 Created on POST; 202 Accepted on PATCH; 200 OK on GET
- * **Error:** Issuance blocked by a CAA error for %s
- * **Status:** pending\_issuance
- * **Reason:** The Certification Authority Authorization (CAA) DNS Resource Record allows a DNS domain name holder to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain. CAA Resource Records allow a public Certification Authority to implement additional controls to reduce the risk of unintended certificate mis-issue.
-
-* **HTTP Status Code:** 201 Created on POST; 202 Accepted on PATCH; 200 OK on GET
- * **Error:** Issuance blocked due to the Common Name being too long (over %d characters).
- * **Status:** pending\_issuance
- * **Reason:** Common names are limited to 64 characters and subject alternative names (SANs) are limited to 255 characters.
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/wpengine.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/wpengine.mdx
index 5ace721f6975e85..f20e3fd1ca094b4 100644
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/wpengine.mdx
+++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/saas-customers/provider-guides/wpengine.mdx
@@ -52,6 +52,6 @@ If you cannot activate your domain using [proxied DNS records](/dns/manage-dns-r
If you encounter SSL errors, check if you have a `CAA` record.
-If you do have a `CAA` record, check that it permits SSL certificates to be issued by `digicert.com` and `letsencrypt.org`.
+If you do have a `CAA` record, check that it permits SSL certificates to be issued by `letsencrypt.org`.
For more details, refer to [CAA records](/ssl/edge-certificates/troubleshooting/caa-records/#what-caa-records-are-added-by-cloudflare).
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/renew-certificates.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/renew-certificates.mdx
index 353747947a2d479..13ae81d8568de77 100644
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/renew-certificates.mdx
+++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/renew-certificates.mdx
@@ -13,9 +13,7 @@ import { Render } from "~/components"
The exact method for certificate renewal depends on whether that hostname is proxying traffic through Cloudflare and whether it is a wildcard certificate.
-Custom hostnames with DigiCert certificates currently have a validity period of one year, though DigiCert is [going to be deprecated](/ssl/reference/migration-guides/digicert-update/) soon as an option. Custom hostnames using Let's Encrypt, Google Trust Services, or SSL.com have a 90-day validity period.
-
-Certificates are available for renewal 30 days before their expiration.
+Custom hostnames certificates have a 90-day validity period and are available for renewal 30 days before their expiration.
## Non-wildcard hostnames
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/cname.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/cname.mdx
deleted file mode 100644
index 36f13168372b8d2..000000000000000
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/cname.mdx
+++ /dev/null
@@ -1,28 +0,0 @@
----
-pcx_content_type: reference
-title: CNAME
-sidebar:
- order: 4
-head:
- - tag: title
- content: CNAME domain control validation (DCV)
-
----
-
-import { Render } from "~/components"
-
-
-
-:::caution
-
-
-With the [upcoming change](/ssl/reference/migration-guides/digicert-update/custom-hostname-certificates/) to certificates issued by DigiCert, CNAME DCV will soon be unsupported.
-
-
-:::
-
-Since this method is only available using the API, you need to make a [POST request](/api/resources/custom_hostnames/methods/create/) and set a `"method":"cname"` parameter.
-
-Within the `ssl` object in the response, refer to the values present in the `validation_records` array. Each record will contain a property for `cname` and `cname_target` (you can also access these values in the dashboard by clicking that specific hostname certificate). Provide these values to your customer so they can add a CNAME record at their authoritative DNS provider.
-
-
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/email.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/email.mdx
deleted file mode 100644
index 1cedaff5d7de8be..000000000000000
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/email.mdx
+++ /dev/null
@@ -1,31 +0,0 @@
----
-pcx_content_type: reference
-title: Email
-sidebar:
- order: 5
-head:
- - tag: title
- content: Email domain control validation (DCV)
-
----
-
-import { Render } from "~/components"
-
-
-
-:::caution
-
-
-With the [change](/ssl/reference/migration-guides/digicert-update/custom-hostname-certificates/) to certificates issued by DigiCert, email DCV will soon be unsupported.
-
-
-:::
-
-
-
-* [**API**](/api/resources/custom_hostnames/methods/get/): Within the `ssl` object, refer to the values present in the `validation_records` array (specifically `emails`).
-* **Dashboard**: When viewing an individual certificate at **SSL/TLS** > **Custom Hostnames**, refer to the value for **Certificate validation email recipients**.
-
-
-
-
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http.mdx
index 64b14333199441c..764c250f7097911 100644
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http.mdx
+++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http.mdx
@@ -23,7 +23,7 @@ This HTTP validation should succeed as long as your customer is pointing to your
## Wildcard custom hostnames
-HTTP DCV validation is [no longer allowed](/ssl/reference/migration-guides/dcv-update/) for wildcard certificates. You would instead need to use [TXT validation](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/).
+HTTP DCV validation is not allowed for wildcard certificates. You must use [TXT validation](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/) instead.
***
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/index.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/index.mdx
index 10de275de233680..bfaaae1a1a24f53 100644
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/index.mdx
+++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/index.mdx
@@ -15,14 +15,6 @@ import { Render } from "~/components"
-:::caution
-
-
-With the [upcoming change](/ssl/reference/migration-guides/digicert-update/custom-hostname-certificates/) to certificates issued by DigiCert, both [email](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/email/) and [CNAME](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/cname/) DCV will soon be unsupported.
-
-
-:::
-
## DCV situations
### Non-wildcard certificates
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx
index 32302eccb75a1c6..ffaf1ccff100531 100644
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx
+++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/troubleshooting.mdx
@@ -26,7 +26,6 @@ If a domain is flagged by the CA, you need to contact Support before validation
If your customer has `CAA` records set on their domain, they will either need to add the following or remove `CAA` entirely:
```txt
-example.com. IN CAA 0 issue "digicert.com"
example.com. IN CAA 0 issue "letsencrypt.org"
example.com. IN CAA 0 issue "pki.goog"
```
diff --git a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt.mdx b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt.mdx
index 818a28a4a326e42..0ec646a03fc70ed 100644
--- a/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt.mdx
+++ b/src/content/docs/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt.mdx
@@ -62,12 +62,4 @@ You will then need to share these TXT tokens with your customers.
Your DCV tokens expire after a [certain amount of time](/cloudflare-for-platforms/cloudflare-for-saas/reference/token-validity-periods/), depending on your certificate authority.
-This means that, if your customers take too long to place their tokens at their authoritative DNS provider, you may need to [get new tokens](#1-get-txt-tokens) and re-share them with your customer.
-
----
-
-### DigiCert
-
-If you create a hostname with DigiCert as the certificate authority, you only need to share one TXT record for your customer to place at their authoritative DNS provider.
-
-However, Cloudflare [will soon be deprecating](/ssl/reference/migration-guides/digicert-update/) DigiCert as an issuing CA for custom hostnames, so we recommend you follow our [migration guide](/ssl/reference/migration-guides/digicert-update/custom-hostname-certificates/) to move your custom hostnames over to another CA.
+This means that, if your customers take too long to place their tokens at their authoritative DNS provider, you may need to [get new tokens](#1-get-txt-tokens) and re-share them with your customer.
\ No newline at end of file
diff --git a/src/content/docs/pages/configuration/custom-domains.mdx b/src/content/docs/pages/configuration/custom-domains.mdx
index 8ff9293be602714..f9dc40852bb645d 100644
--- a/src/content/docs/pages/configuration/custom-domains.mdx
+++ b/src/content/docs/pages/configuration/custom-domains.mdx
@@ -100,11 +100,9 @@ To resolve this, add the necessary CAA records to allow Cloudflare to issue a ce
```
example.com. 300 IN CAA 0 issue "comodoca.com"
-example.com. 300 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issue "letsencrypt.org"
example.com. 300 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issuewild "comodoca.com"
-example.com. 300 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issuewild "letsencrypt.org"
example.com. 300 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
```
diff --git a/src/content/docs/pages/configuration/debugging-pages.mdx b/src/content/docs/pages/configuration/debugging-pages.mdx
index a023f2492757f29..2a4f6609e3bbbb2 100644
--- a/src/content/docs/pages/configuration/debugging-pages.mdx
+++ b/src/content/docs/pages/configuration/debugging-pages.mdx
@@ -157,11 +157,9 @@ To resolve this, you will need to add the following CAA records which allows all
```
example.com. 300 IN CAA 0 issue "comodoca.com"
-example.com. 300 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issue "letsencrypt.org"
example.com. 300 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issuewild "comodoca.com"
-example.com. 300 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issuewild "letsencrypt.org"
example.com. 300 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
```
diff --git a/src/content/docs/speed/optimization/other/signed-exchanges/reference.mdx b/src/content/docs/speed/optimization/other/signed-exchanges/reference.mdx
index 7840b038e5dc488..de8be02af6df538 100644
--- a/src/content/docs/speed/optimization/other/signed-exchanges/reference.mdx
+++ b/src/content/docs/speed/optimization/other/signed-exchanges/reference.mdx
@@ -30,8 +30,6 @@ dig example.com caa
```bash output
;; ANSWER SECTION:
-example.com. 3600 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"
example.com. 3600 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
-example.com. 3600 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"
example.com. 3600 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
```
diff --git a/src/content/docs/ssl/edge-certificates/additional-options/certificate-transparency-monitoring.mdx b/src/content/docs/ssl/edge-certificates/additional-options/certificate-transparency-monitoring.mdx
index a66574962d27ca7..ea12b920d3b957b 100644
--- a/src/content/docs/ssl/edge-certificates/additional-options/certificate-transparency-monitoring.mdx
+++ b/src/content/docs/ssl/edge-certificates/additional-options/certificate-transparency-monitoring.mdx
@@ -54,7 +54,7 @@ You *should* take action when something is clearly wrong, such as if you:
* Do not recognize the certificate issuer.
:::note
- Note that Cloudflare provisions backup certificates, so you may see a certificate listed that is not in active use for your site. The [Edge Certificates page](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) will show all certificates requested for your site.
+ Cloudflare provisions backup certificates, so you may see a certificate listed that is not in active use for your site. The [Edge Certificates page](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) will show all certificates requested for your site.
:::
* Have recently noticed problems with your website.
@@ -66,8 +66,6 @@ You *should* take action when something is clearly wrong, such as if you:
Only Certificate Authorities can revoke malicious certificates. If you believe an illegitimate certificate was issued for your domain, contact the Certificate Authority listed as the **Issuer** in the email.
-* [DigiCert support](https://www.digicert.com/support/#Contact)
-
* [GlobalSign support](https://support.globalsign.com/)
* [GoDaddy support](https://www.godaddy.com/contact-us?sp_hp=B)
@@ -76,7 +74,7 @@ Only Certificate Authorities can revoke malicious certificates. If you believe a
* [IdenTrust support](https://www.identrust.com/support/support-team)
-* [Let’s Encrypt support](https://letsencrypt.org/contact/)
+* [Let's Encrypt support](https://letsencrypt.org/contact/)
* [Sectigo support](https://sectigo.com/support)
diff --git a/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx b/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx
index 944942365b5f2a1..70604667aa00542 100644
--- a/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx
+++ b/src/content/docs/ssl/edge-certificates/advanced-certificate-manager/manage-certificates.mdx
@@ -89,12 +89,6 @@ Normally, you only need to update DCV if you have your application on a partial
For more information about DCV, refer to [DCV methods](/ssl/edge-certificates/changing-dcv-method/).
-:::caution
-
-Due to recent changes, HTTP DCV validation will soon not be allowed for wildcard certificates or certificates with multiple Subject Alternative Names (SANs). For more details and next steps, refer to [Changes to HTTP DCV](/ssl/reference/migration-guides/dcv-update/).
-
-:::
-
---
## Set up alerts
diff --git a/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/email.mdx b/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/email.mdx
deleted file mode 100644
index 70b558de10fe7a8..000000000000000
--- a/src/content/docs/ssl/edge-certificates/changing-dcv-method/methods/email.mdx
+++ /dev/null
@@ -1,53 +0,0 @@
----
-title: Email
-pcx_content_type: how-to
-sidebar:
- order: 3
-head:
- - tag: title
- content: Email method — Domain Control Validation — SSL/TLS
-
----
-
-import { Render } from "~/components"
-
-
-
-:::note
-
-
-With the [upcoming change](/ssl/reference/migration-guides/digicert-update/advanced-certificates/) to certificates issued by DigiCert, email DCV will soon be unsupported.
-
-
-:::
-
-## Limitations
-
-Based on your chosen Certificate Authority, you may not be able to use email verification with [advanced certificates](/ssl/edge-certificates/advanced-certificate-manager/).
-
-## Setup
-
-### Specify DCV method
-
-
-
-### View DCV values
-
-Once you specify your chosen validation method, you can access the validation values by:
-
-
-
-Once you locate your certificate, find the following values:
-
-* API: `emails`
-* Dashboard: **Certificate validation email recipients**.
-
-### Complete DCV
-
-
-
-## Renewal
-
-
-
-If any one of the conditions is not met, the certificate renewal falls back to your chosen method and you will need to repeat the DCV process manually.
diff --git a/src/content/docs/ssl/edge-certificates/changing-dcv-method/validation-backoff-schedule.mdx b/src/content/docs/ssl/edge-certificates/changing-dcv-method/validation-backoff-schedule.mdx
index 6b13c0b19338146..9b7156e2f638815 100644
--- a/src/content/docs/ssl/edge-certificates/changing-dcv-method/validation-backoff-schedule.mdx
+++ b/src/content/docs/ssl/edge-certificates/changing-dcv-method/validation-backoff-schedule.mdx
@@ -29,7 +29,6 @@ The DCV process relies on tokens that are generated by the issuing certificate a
* Google Trust Services - 14 days
* Let's Encrypt - 7 days
* SSL.com - 14 days
-* DigiCert - 30 days
After this period, DCV tokens expire as dictated by the [CA/B Baseline Requirements](https://cabforum.org/baseline-requirements-documents/), and new, valid tokens must be placed.
diff --git a/src/content/docs/ssl/edge-certificates/troubleshooting/ca-faq.mdx b/src/content/docs/ssl/edge-certificates/troubleshooting/ca-faq.mdx
index bad4a2afea90379..a8b2c6992a216ff 100644
--- a/src/content/docs/ssl/edge-certificates/troubleshooting/ca-faq.mdx
+++ b/src/content/docs/ssl/edge-certificates/troubleshooting/ca-faq.mdx
@@ -21,9 +21,9 @@ Yes. Cloudflare can issue both RSA and ECDSA certificates.
### Which certificate authorities does Cloudflare use?
-Cloudflare uses Let's Encrypt, Google Trust Services, SSL.com, Sectigo, and DigiCert. You can see a complete list of products and available CAs and algorithms in the [certificate authorities reference page](/ssl/reference/certificate-authorities/).
+Cloudflare uses Let's Encrypt, Google Trust Services, SSL.com, and Sectigo. You can see a complete list of products and available CAs and algorithms in the [certificate authorities reference page](/ssl/reference/certificate-authorities/).
-[DigiCert will soon be removed as a CA from the Cloudflare pipeline](/ssl/reference/migration-guides/digicert-update/) and Sectigo is only used for [backup certificates](/ssl/edge-certificates/backup-certificates/).
+Sectigo is only used for [backup certificates](/ssl/edge-certificates/backup-certificates/).
### Are there any CA limitations I should know about?
diff --git a/src/content/docs/ssl/reference/certificate-authorities.mdx b/src/content/docs/ssl/reference/certificate-authorities.mdx
index 655259833857a7c..f0fa07d5562d944 100644
--- a/src/content/docs/ssl/reference/certificate-authorities.mdx
+++ b/src/content/docs/ssl/reference/certificate-authorities.mdx
@@ -17,17 +17,13 @@ For publicly trusted certificates, Cloudflare partners with different certificat
## Availability per certificate type and encryption algorithm
-
-
-| Certificate | Algorithm | [Let's Encrypt](#lets-encrypt) | [Google Trust Services](#google-trust-services) | [SSL.com](#sslcom) | [Sectigo](#sectigo) | [DigiCert](#digicert-deprecating-soon) |
-|---------------------|-------|---------------|-----------------------|-|---------|--------------------------|
-| [Universal](/ssl/edge-certificates/universal-ssl/)| ECDSA
RSA
(Paid plans only) | ✅
✅| ✅
✅ | ❌
❌ | N/A
N/A | ✅
Deprecating soon
✅
Deprecating soon |
-| [Advanced](/ssl/edge-certificates/advanced-certificate-manager/) | ECDSA
RSA | ✅
✅| ✅
✅ | ✅
✅
| N/A
N/A | ✅
Deprecating soon
✅
Deprecating soon |
-| [Total TLS](/ssl/edge-certificates/additional-options/total-tls/) | ECDSA
RSA | ✅
✅| ✅
✅ | ✅
✅
| N/A
N/A | ❌
❌ |
-| [SSL for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/) | ECDSA
RSA |✅
✅| ✅
✅ | ✅
✅
| N/A
N/A | ✅
Deprecating soon
✅
Deprecating soon |
-| [Backup](/ssl/edge-certificates/backup-certificates/) | ECDSA
RSA | ✅
✅| ✅
✅ | ✅
✅ | ✅
✅ | ❌
❌ |
-
-
+| Certificate | Algorithm | [Let's Encrypt](#lets-encrypt) | [Google Trust Services](#google-trust-services) | [SSL.com](#sslcom) | [Sectigo](#sectigo) |
+|---------------------|-----------|---------------------------------|-----------------------------------------------|--------------------|--------------------|
+| [Universal](/ssl/edge-certificates/universal-ssl/)| ECDSA
RSA
(Paid plans only) | ✅
✅| ✅
✅ | ❌
❌ | N/A
N/A |
+| [Advanced](/ssl/edge-certificates/advanced-certificate-manager/) | ECDSA
RSA | ✅
✅| ✅
✅ | ✅
✅
| N/A
N/A |
+| [Total TLS](/ssl/edge-certificates/additional-options/total-tls/) | ECDSA
RSA | ✅
✅| ✅
✅ | ✅
✅
| N/A
N/A |
+| [SSL for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/) | ECDSA
RSA |✅
✅| ✅
✅ | ✅
✅
| N/A
N/A |
+| [Backup](/ssl/edge-certificates/backup-certificates/) | ECDSA
RSA | ✅
✅| ✅
✅ | ✅
✅ | ✅
✅ |
## Features, limitations, and browser compatibility
@@ -132,27 +128,6 @@ Refer to [Sectigo documentation](https://www.sectigo.com/knowledge-base/detail/S
***
-### DigiCert (deprecating soon)
-
-* Supports [validity periods](/ssl/reference/certificate-validity-periods/) of 14, 30, and 90 days.
-* [DCV tokens](/ssl/edge-certificates/changing-dcv-method/) are valid for 30 days.
-
-#### Limitations
-
-Due to sanctions imposed by the United States, DigiCert is legally prohibited or restricted from offering its products and services to specific countries or regions. Refer to [Embargoed countries and regions](https://knowledge.digicert.com/solution/Embargoed-Countries-and-Regions.html) for details.
-
-#### Browser compatibility
-
-Refer to [DigiCert documentation](https://www.digicert.com/support/resources/faq/public-trust-and-certificates/are-digicert-tls-ssl-certificates-compatible-with-my-browser).
-
-#### Other resources
-
-[Status page](https://status.digicert.com/)
-
-[DigiCert Root CAs](https://www.digicert.com/kb/digicert-root-certificates.htm): For checking compatibility between chain and client. As explained in [Certificate pinning](/ssl/reference/certificate-pinning/), you should **not** use this list for pinning against.
-
-***
-
## CAA records
@@ -167,5 +142,4 @@ The following table lists the CAA record content for each CA:
| Let's Encrypt | `letsencrypt.org` |
| Google Trust Services | `pki.goog; cansignhttpexchanges=yes` |
| SSL.com | `ssl.com` |
-| Sectigo | `sectigo.com` |
-| DigiCert | `digicert.com; cansignhttpexchanges=yes` |
\ No newline at end of file
+| Sectigo | `sectigo.com` |
\ No newline at end of file
diff --git a/src/content/docs/ssl/reference/certificate-validity-periods.mdx b/src/content/docs/ssl/reference/certificate-validity-periods.mdx
index 697d0da6b7ebb82..ce1a929d1091301 100644
--- a/src/content/docs/ssl/reference/certificate-validity-periods.mdx
+++ b/src/content/docs/ssl/reference/certificate-validity-periods.mdx
@@ -31,7 +31,7 @@ When you order an [advanced certificate](/ssl/edge-certificates/advanced-certifi
| Certificate validity period | Auto renewal period | Notes |
| --------------------------- | ------------------- | -------------------------------------------------------------------------------------- |
-| 1 year | 30 days | Soon to be [deprecated](/ssl/reference/migration-guides/digicert-update/) |
+| 1 year | 30 days | Limited to Enterprise customers using [advanced certificates](/ssl/edge-certificates/advanced-certificate-manager/) with [SSL.com](/ssl/reference/certificate-authorities/#sslcom) |
| 3 months | 30 days | |
| 1 month | 7 days | Not supported by [Let's Encrypt](/ssl/reference/certificate-authorities/#lets-encrypt) |
| 2 weeks | 3 days | Not supported by [Let's Encrypt](/ssl/reference/certificate-authorities/#lets-encrypt) |
diff --git a/src/content/docs/ssl/reference/migration-guides/dcv-update.mdx b/src/content/docs/ssl/reference/migration-guides/dcv-update.mdx
deleted file mode 100644
index 74939d1420bb41b..000000000000000
--- a/src/content/docs/ssl/reference/migration-guides/dcv-update.mdx
+++ /dev/null
@@ -1,33 +0,0 @@
----
-pcx_content_type: reference
-title: Changes to HTTP DCV
-sidebar:
- order: 4
-
----
-
-After October 21, 2021, you will no longer be able to issue new wildcard certificates or validate existing certificates up for renewal using HTTP Domain Control Validation (DCV).
-
-If you are affected by this change, you should have also received an email from Cloudflare.
-
-## What is affected?
-
-### Advanced certificates
-
-This change affects customers using [Advanced certificates](/ssl/edge-certificates/advanced-certificate-manager/) for wildcard certificates or certificates with multiple SANs.
-
-If your application uses a full setup or already uses another method of DCV, you do not need to make any changes. Cloudflare will complete TXT DCV on your behalf
-
-If your application uses a partial (CNAME) setup, wildcard certificates, and HTTP DCV validation, you will need to [change your DCV method](/ssl/edge-certificates/changing-dcv-method/) to either TXT or Email.
-
-### SSL for SaaS
-
-This change also affects [SSL for SaaS customers](/cloudflare-for-platforms/cloudflare-for-saas/) who use HTTP DCV validation for wildcard certificates.
-
-Update your DCV method to [TXT](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/) and provide the TXT validation tokens to your customers so they can add it to their DNS.
-
-If you do not make a change, Cloudflare will automatically change your DCV method to TXT and send your customer tokens to you 30 days before the certificates expire.
-
-## Why is this change happening?
-
-The Certificate Authority/Browser forum [voted against](https://cabforum.org/2021/06/03/ballot-sc45-wildcard-domain-validation/) using HTTP-based validation to prove ownership before issuing wildcard certificates. As a result of that decision, [DigiCert and other CAs](https://knowledge.digicert.com/alerts/domain-authentication-changes-in-2021.html) will be implementing the change on November 15, 2021.
diff --git a/src/content/docs/ssl/reference/migration-guides/digicert-update/advanced-certificates.mdx b/src/content/docs/ssl/reference/migration-guides/digicert-update/advanced-certificates.mdx
deleted file mode 100644
index 9fa7ab8d175dce8..000000000000000
--- a/src/content/docs/ssl/reference/migration-guides/digicert-update/advanced-certificates.mdx
+++ /dev/null
@@ -1,148 +0,0 @@
----
-pcx_content_type: reference
-title: Advanced certificates
-sidebar:
- order: 2
-head:
- - tag: title
- content: Advanced certificates - DigiCert migration guide
----
-
-import { Render, TabItem, Tabs } from "~/components";
-
-Starting on **August 31, 2023**, new Cloudflare accounts will not have the option to choose DigiCert as a certificate authority (CA) for [advanced certificates](/ssl/edge-certificates/advanced-certificate-manager/).
-
-On **October 5, 2023**, Cloudflare will stop using DigiCert as a CA for new advanced certificates. This will not affect existing advanced certificates.
-
-:::caution
-
-The advanced certificate renewals offboarding has been postponed and started gradually rolling out on October 26, 2023. This process is expected to be complete by the end of March 2024.
-
-:::
-
-On **October 26, 2023**, Cloudflare will gradually stop using DigiCert as the CA for advanced certificate renewals. This will not affect existing advanced certificates, only their renewals.
-
-
-
-
-## Summary of changes
-
-This table provides a summary of the differences between DigiCert and Cloudflare's other CAs.
-
-| Area | DigiCert | Other CAs | Actions required |
-| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
-| Domain Control
Validation (DCV) | If a certificate has multiple hostnames in the Subject Alternative Name (SAN), one DCV record is required to complete validation. | If a certificate has multiple hostnames in the SAN, one DCV token is required for every hostname on the certificate (five hostnames in the SAN would require five DCV tokens).
This will also require two DCV tokens to validate a certificate that covers an apex and wildcard (`example.com`, `*.example.com`). | **Full zones**: As long as Cloudflare remains the Authoritative DNS provider, no action is required since Cloudflare can complete [TXT based DCV](/ssl/edge-certificates/changing-dcv-method/methods/txt/) for certificate issuances and renewals.
**Partial zones**: Cloudflare will complete [HTTP DCV](/ssl/edge-certificates/changing-dcv-method/methods/http/) for non-wildcard hostnames, as long as they are proxying traffic through Cloudflare.
For advanced certificates with wildcard hostnames, you should consider [Delegated DCV](/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv/). If that does not work, you will be required to complete [TXT DCV](/ssl/edge-certificates/changing-dcv-method/methods/txt/) for Advanced certificates with wildcard hostnames by placing the TXT DCV token at your Authoritative DNS provider. |
-| API | Customers can choose `"digicert"` as the issuing CA when using the [API](/api/resources/ssl/subresources/certificate_packs/methods/create/). | Customers can only choose `"lets_encrypt"` or `"google"` when using the [API](/api/resources/ssl/subresources/certificate_packs/methods/create/). | If you are currently using DigiCert as the issuing CA when creating advanced certificates, switch your integration to use Let's Encrypt or Google. |
-| DCV Methods | Email DCV is available. | Email DCV will be deprecated. Customers will be required to use [HTTP](/ssl/edge-certificates/changing-dcv-method/methods/http/) or [DNS](/ssl/edge-certificates/changing-dcv-method/methods/txt/) DCV. | If an existing certificate is relying on Email DCV then when the certificate comes up for renewal, Cloudflare will attempt to complete [HTTP validation](/ssl/edge-certificates/changing-dcv-method/methods/txt/). If HTTP validation is not possible, then Cloudflare will use [TXT DCV](/ssl/edge-certificates/changing-dcv-method/methods/txt/) and return the associated tokens. |
-| Validity period | Advanced certificates can be valid for 14, 30, 90, or 365 days. | Advanced certificates can be valid for 14, 30, or 90 days. | No action required. Certificates will be renewed more frequently. Certificates using 14 or 30 day validity periods will be required to use Google Trust Services on renewal. Let's Encrypt only supports certificates with 90 day validity periods. |
-| | | | |
-
-## Required actions
-
-### Before October 5, 2023
-
-If your system integrates with the Cloudflare API to [order advanced certificates](/api/resources/ssl/subresources/certificate_packs/methods/create/), you will need to update the following fields:
-
-- The `"certificate_authority"` field should either use Google Trust Services (`"google"`) or Let's Encrypt (`"lets_encrypt"`).
-- The `"validation_method"` field should either use [`"http"`](/ssl/edge-certificates/changing-dcv-method/methods/http/) (only available for [non-wildcard hostnames](/ssl/reference/migration-guides/dcv-update/)) or [`"txt"`](/ssl/edge-certificates/changing-dcv-method/methods/txt/).
-- The `"validity_days"` field should either use `14`, `30`, or `90` (14 or 30 day certificates will use Google Trust Services as the issuing CA).
-
-### Changes after October 26, 2023
-
-:::caution
-
-The advanced certificate renewals offboarding started gradually rolling out on October 26, 2023. This process is expected to be complete by the end of March 2024.
-
-:::
-
-The following changes will automatically affect certificates that are renewed after October 26, 2023. The renewed certificate will have a different certificate pack ID than the DigiCert certificate.
-
-#### Certificate authorities
-
-Throughout the gradual rollout, DigiCert certificates renewed after October 26, 2023, will be issued through a certificate authority chosen by Cloudflare (Let's Encrypt or Google Trust Services).
-
-:::note
-
-Certificates with 14 and 30 day validity periods will be renewed with Google Trust Services. 90 day certificates will either use Let's Encrypt or Google Trust Services.
-
-:::
-
-#### Validity period
-
-If the current DigiCert certificate has a 365 day validity period, that value will change to 90 in the `"validity_days"` field when the certificate is renewed.
-
-#### DCV method
-
-If the DigiCert certificate had the `"validation_method"` set to `"email"`, then this value will change to either `"txt"` or `"http"` when the certificate is renewed.
-
-Full zone certificate renewals will default to [TXT DCV](/ssl/edge-certificates/changing-dcv-method/methods/txt/) and are automatically renewed by Cloudflare. This is because Cloudflare can place the TXT DCV tokens as the Authoritative DNS provider.
-
-Partial zone certificate renewals will default to [HTTP DCV](/ssl/edge-certificates/changing-dcv-method/methods/http/), unless there is a wildcard hostname on the certificate.
-
-Certificates with wildcard hostnames will be required to complete [Delegated DCV](/ssl/edge-certificates/changing-dcv-method/methods/delegated-dcv/) or [TXT DCV](/ssl/edge-certificates/changing-dcv-method/methods/txt/).
-
-#### DCV tokens
-
-For multi-hostname or wildcard certificates using DigiCert, multiple DCV records will now be returned in the `"validation_records"` field.
-
-This is because DigiCert only requires one DCV record to be placed to validate the apex, wildcard, and subdomains on a certificate. Let's Encrypt and Google Trust Services follow the [ACME protocol](https://datatracker.ietf.org/doc/html/rfc8555) which requires that one DCV token is placed for every hostname on a certificate.
-
-If your certificate covers multiple hostnames, then on renewal you will see one DCV token associated with every hostname on the certificate. These tokens will be returned in the `"validation_records"` field.
-
-If your certificate includes a wildcard hostname, you will see a TXT DCV token returned for the wildcard hostname. Previously with DigiCert, only one TXT DCV token would have been required at the apex to complete validation for any subdomains or wildcard under the zone.
-
-### Required actions
-
-#### Certificate migration
-
-If you want to take control of migrating your certificates and choose a particular CA - instead of having Cloudflare handle migrations as certificates come up for renewal and choose a CA on your behalf - you will need to:
-
-1. Order [new certificates](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/#create-a-certificate) (applying all the [required changes](#changes-after-october-26-2023) noted before).
-2. Make sure your certificates are validated ([partial zones](#dcv---partial-zones) will require additional steps than previously).
-3. [Delete](/ssl/edge-certificates/advanced-certificate-manager/manage-certificates/#delete-a-certificate) all existing DigiCert certificates (once each has been replaced and the new certificate is active).
-
-#### DCV - Full zones
-
-For full zones[^1], the only required action is to confirm the your nameservers are still [pointing to Cloudflare](/dns/zone-setups/full-setup/setup/#verify-changes).
-
-
-
-#### DCV - Partial zones
-
-For partial zones[^2], the process depends on whether the certificate uses a wildcard hostname.
-
-
-
-
-
-##### Fetch DCV tokens
-
-To automatically fetch tokens for certificates that are coming up for renewal, set up [notifications](/notifications/notification-available/#ssltls) for **Advanced Certificate Alert** events. This notification will include the DCV tokens associated with new or renewed certificates.
-
-Notifications can be sent to an email address or a webhook.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-You will need to add all of the DCV records returned in the `validation_records` field to your Authoritative DNS provider.
-
-Once you update your DNS records, you can either [wait for the next retry](/ssl/edge-certificates/changing-dcv-method/validation-backoff-schedule/) or request an immediate recheck.
-
-
-
-Once the certificate has been validated, the certificate status will change to **Active**.
-
-[^1]: Meaning that Cloudflare is your Authoritative DNS provider.
-
-[^2]: Meaning that another DNS provider - not Cloudflare - maintains your Authoritative DNS.
diff --git a/src/content/docs/ssl/reference/migration-guides/digicert-update/custom-hostname-certificates.mdx b/src/content/docs/ssl/reference/migration-guides/digicert-update/custom-hostname-certificates.mdx
deleted file mode 100644
index 1cb5b7a2fbabfab..000000000000000
--- a/src/content/docs/ssl/reference/migration-guides/digicert-update/custom-hostname-certificates.mdx
+++ /dev/null
@@ -1,132 +0,0 @@
----
-pcx_content_type: reference
-title: SSL for SaaS
-sidebar:
- order: 3
-head:
- - tag: title
- content: SSL for SaaS certificates - DigiCert migration guide
----
-
-import { Render, TabItem, Tabs } from "~/components";
-
-Starting on **September 7, 2023**, new Cloudflare accounts will not have the option to choose DigiCert as a certificate authority (CA) for [SSL for SaaS certificates](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/).
-
-On **October 18, 2023**, Cloudflare will stop using DigiCert as an issuing certificate authority (CA) for new SSL for SaaS certificates. This will not affect existing SSL for SaaS certificates.
-
-:::caution
-
-The SSL for SaaS renewals offboarding has been postponed and started gradually rolling out on November 1, 2023.
-
-:::
-
-On **November 1, 2023**, Cloudflare will gradually stop using DigiCert as the CA for SSL for SaaS certificate renewals. This will not affect existing SSL for SaaS certificates, but only certificate renewals.
-
-The default CA - for API orders that do not specify `certificate_authority` - and the CA used for certificate renewals will shift to either Let's Encrypt or Google Trust Services.
-
-:::caution
-
-
-
-:::
-
-## Summary of changes
-
-This table provides a summary of the differences between DigiCert and our other CAs.
-
-| Area | DigiCert | Other CAs | Actions required |
-| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Domain Control
Validation (DCV) | To get a certificate issued for a wildcard custom hostname, one TXT DCV record is required to complete Domain Control Validation. | To get a certificate issued for a wildcard custom hostname, two TXT DCV records will be required to complete validation. | [Wildcard custom hostnames](#wildcard-custom-hostnames) will require additional DCV tokens. [Non-wildcard custom hostnames](#non-wildcard-custom-hostnames) will automatically renew as long as the hostname is proxying through Cloudflare. |
-| API | Customers can choose `"digicert"` as the issuing CA when using the [custom hostnames API](/api/resources/custom_hostnames/methods/create/). | Customers can only choose `"lets_encrypt"` or `"google"` when using the [custom hostnames API](/api/resources/custom_hostnames/methods/create/). | If you are currently using DigiCert as the issuing CA when creating custom hostnames, [switch your integration](#update-values) to use Let's Encrypt or Google. |
-| DCV Methods | CNAME and Email DCV are available. | CNAME and Email DCV will be deprecated. Customers will be required to use [HTTP](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/) or [TXT](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/) DCV. | When certificates come up for renewal that are using CNAME or Email DCV, Cloudflare will automatically choose HTTP DCV as the default method for non-wildcard custom hostnames and TXT DCV for wildcard custom hostnames. |
-| Validity period | Custom hostname certificates have a 1 year validity period. | Custom hostnames certificates will have a 90 day validity period. | If you are using [wildcard custom hostnames](#wildcard-custom-hostnames), your customers will need to place DCV tokens at their DNS provider more frequently. [Non-wildcard custom hostname certificates](#non-wildcard-custom-hostnames) will automatically renew, as long as the hostname is actively proxying through Cloudflare. Cloudflare will handle the renewals at a more frequent rate. |
-| | | | |
-
-## Domain Control Validation (DCV) updates
-
-CNAME and Email DCV will be deprecated on **October 18, 2023**, requiring customers to use either [HTTP](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/), [Delegated DCV](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/delegated-dcv/), or [TXT](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/) DCV.
-
-Also, the maximum validity period for certificates will be decreased from 1 year to 90 days. This means that certificates will be renewed - and require DCV - more frequently.
-
-## Required actions
-
-### Before October 18, 2023
-
-If your system integrates with the Cloudflare for SaaS API to [create custom hostnames](/api/resources/custom_hostnames/methods/create/), you will need to update:
-
-- The value sent in the `"certificate_authority"` field under the SSL object. Your integration should either use Google Trust Services (`"google"`) or Let's Encrypt (`"lets_encrypt"`).
-- The value sent in the `"method"` field under the SSL object. Your integration should either use [`"http"`](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/) (only available for [non-wildcard hostnames](#non-wildcard-custom-hostnames)) or [`"txt"`](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/).
-
-### Before November 1, 2023
-
-We recommend that you migrate all your current custom hostnames away from DigiCert before November 1, 2023. This will give you the control to migrate custom hostnames to the new system in a controlled manner instead of having Cloudflare manage the offboarding when the certificates come up for renewal.
-
-#### Identify certificates
-
-To identify certificates that are coming up for renewal, set up [notifications](/notifications/notification-available/#ssltls) for **SSL for SaaS Custom Hostnames Alert** events.
-
-You can also send a [GET](/api/resources/custom_hostnames/methods/list/) request to the API and look for certificates with a `ssl_status` of `pending_validation` and a `certificate_authority` of `digicert` within the SSL object.
-
-To find wildcard custom hostnames specifically that are using DigiCert certificates, send a [GET](/api/resources/custom_hostnames/methods/list/) request and include `?certificate_authority=digicert&wildcard=true` in the request parameter.
-
-#### Update values
-
-You should [update](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/issue-certificates/) the following values:
-
-- **Certificate Authority**: When you update this value, it will immediately reissue the certificate. Cloudflare will continue serving the previous certificate until the new one is validated. If the certificate was previously using DigiCert and you do not update this value, Cloudflare will choose the issuing CA upon renewal.
-
- - _Dashboard_: Update the value for **SSL certificate authority** to either be **Let's Encrypt** or **Google Trust Services**.
- - _API_: Update the value sent in the `"certificate_authority"` field under the SSL object to either be `"lets_encrypt"` or `"google"`.
-
- :::note
-
- If you update the certificate authority for a wildcard custom hostname to use Let's Encrypt or Google Trust Services, you will now need to add [two DCV tokens](#wildcard-custom-hostnames) for it to validate.
- :::
-
-- **DCV Method**: You can only update this value when your certificate is up for renewal. If your certificate was previously using **Email** or **CNAME** validation and you do not update this value, Cloudflare will automatically set your DCV method to **TXT** or **HTTP** when the custom hostname comes up for renewal. We will use **HTTP** validation for non-wildcard custom hostname renewals and TXT-based DCV for wildcard custom hostname renewals.
- - _Dashboard_: Update the value for **Certificate validation method** to either be [HTTP Validation](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/) (only available for [non-wildcard custom hostnames](#non-wildcard-custom-hostnames)) or [TXT Validation](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/).
- - _API_: Update the value sent in the `"method"` field under the SSL object to either be [`"http"`](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/) (only available for [non-wildcard custom hostnames](#non-wildcard-custom-hostnames)) or [`"txt"`](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/).
-
-:::note
-
-After your DigiCert certificate is renewed, the API will return a new certificate pack ID.
-
-:::
-
----
-
-### Non-wildcard custom hostnames
-
-For non-wildcard hostnames, you can use HTTP DCV to automatically perform DCV as long as the custom hostname is proxying traffic through Cloudflare. Cloudflare will complete DCV on the hostname's behalf by serving the [HTTP token](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/http/).
-
-If your hostname is using another validation method, you will need to [update](/api/resources/custom_hostnames/methods/edit/) the `"method"` field in the SSL object to be `"http"`.
-
-If the custom hostname is not proxying traffic through Cloudflare, then the custom hostname domain owner will need to add the TXT or HTTP DCV token for the new certificate to validate and issue. As the SaaS provider, you will be responsible for sharing this token with the custom hostname domain owner.
-
-### Wildcard custom hostnames
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-#### Actions required
-
-As the SaaS provider, you will be responsible for sharing these DCV tokens with your customers. Let's Encrypt DCV tokens are valid for 7 days and Google Trust Services tokens are valid for 14 days. We recommend that you make this clear to your customers, so that they add the tokens in a timely manner. If your customers take longer than the token validity period to add the record then you will need to fetch updated tokens and share those in order for the certificate to validate and issue.
-
-Once your customer has added these tokens, the certificate status will change to **Active**. Cloudflare will periodically check if the DCV tokens have been placed according to the [certificate validation schedule](/ssl/edge-certificates/changing-dcv-method/validation-backoff-schedule/). Once your customer has added the records, you can make a no-change call to the custom hostnames API to restart the validation schedule for a specific hostname.
diff --git a/src/content/docs/ssl/reference/migration-guides/digicert-update/index.mdx b/src/content/docs/ssl/reference/migration-guides/digicert-update/index.mdx
deleted file mode 100644
index 581e8ac9463738f..000000000000000
--- a/src/content/docs/ssl/reference/migration-guides/digicert-update/index.mdx
+++ /dev/null
@@ -1,56 +0,0 @@
----
-pcx_content_type: navigation
-title: DigiCert update
-sidebar:
- order: 3
-
----
-
-import { DirectoryListing } from "~/components"
-
-In the latter half of 2023, Cloudflare will begin deprecating DigiCert as a certificate authority available for a variety of certificates:
-
-
-
-:::caution
-
-
-The advanced certificate renewals offboarding has been postponed and started gradually rolling out on October 26, 2023. This process is expected to be complete by the end of March 2024.
-
-The SSL for SaaS renewals offboarding has been postponed and started gradually rolling out on November 1, 2023.
-
-
-:::
-
-## Scope
-
-
-### Certificate types
-
-This migration only affects [Universal](/ssl/edge-certificates/universal-ssl/), [Advanced](/ssl/edge-certificates/advanced-certificate-manager/) and [Cloudflare for SaaS](/cloudflare-for-platforms/cloudflare-for-saas/) certificates where the certificate has been provisioned by Cloudflare using DigiCert as certificate authority.
-
-Also, this change will not impact existing certificates issued from DigiCert that Cloudflare is currently serving, but it will impact new certificate orders and renewals.
-
-Consider each specific migration guide for actions you might have to take and refer to [CAs and certificates FAQ](/ssl/edge-certificates/troubleshooting/ca-faq/) for commonly asked questions about the Cloudflare offerings and CAs that are used.
-
-:::caution[Not affected]
-Cloudflare [Origin CA certificates](/ssl/origin-configuration/origin-ca/), Cloudflare [mTLS client certificates](/ssl/client-certificates/), and [custom certificates](/ssl/edge-certificates/custom-certificates/) **are not** in the scope and thus not affected by this migration.
-:::
-
-### Other products and features
-
-As of December 14, 2024, [signed exchanges (SXG)](/speed/optimization/other/signed-exchanges/) will no longer be supported for [punycode domains](https://en.wikipedia.org/wiki/Punycode). This is due to a [limitation of Google Trust Services](/ssl/reference/certificate-authorities/#google-trust-services), which will be the only certificate authority (CA) used for SXG.
-
-## Dates reference
-
-
-
-| SSL/TLS offering | What will happen | When |
-| -------------------- | -------------------------------------------------------------------------------------------- | ----------------- |
-| Advanced certificate | New Cloudflare accounts will not have DigiCert as an option for advanced certificates. | August 31, 2023 |
-| Advanced certificate | Cloudflare will stop using DigiCert as a CA for new advanced certificate orders. | October 5, 2023 |
-| Advanced certificate | Cloudflare will gradually stop using DigiCert as the CA for advanced certificate renewals. | October 26, 2023 |
-| SSL for SaaS | New Cloudflare accounts will not have DigiCert as an option for SSL for SaaS certificates. | September 7, 2023 |
-| SSL for SaaS | Cloudflare will stop using DigiCert as a CA for new SSL for SaaS certificate orders. | October 18, 2023 |
-| SSL for SaaS | Cloudflare will gradually stop using DigiCert as a CA for SSL for SaaS certificate renewals. | November 1, 2023 |
-
diff --git a/src/content/docs/ssl/reference/migration-guides/digicert-update/universal-certificates.mdx b/src/content/docs/ssl/reference/migration-guides/digicert-update/universal-certificates.mdx
deleted file mode 100644
index ec73346724aa4b9..000000000000000
--- a/src/content/docs/ssl/reference/migration-guides/digicert-update/universal-certificates.mdx
+++ /dev/null
@@ -1,35 +0,0 @@
----
-pcx_content_type: reference
-title: Universal certificates
-sidebar:
- order: 1
-head:
- - tag: title
- content: Universal certificates - DigiCert migration guide
-
----
-
-In the second half of 2023, Cloudflare started offboarding DigiCert as a certificate authority. This change does not affect existing Universal certificates, but will apply to new certificate orders and renewals.
-
-:::caution
-
-For [Universal certificates](/ssl/edge-certificates/universal-ssl/), it is expected that DigiCert continues to be used until the end of 2024.
-:::
-
-The validity period for Universal certificates will also be decreased from one year to 90 days.
-
-## DCV changes
-
-You do not need to make any updates to the Domain Control Validation (DCV) for your zone.
-
-If your domain is using a [Full setup](/dns/zone-setups/full-setup/), Cloudflare will automatically complete [TXT-based DCV](/ssl/edge-certificates/changing-dcv-method/methods/txt/) on your behalf.
-
-If your domain is on a [Partial setup](/dns/zone-setups/partial-setup/), Cloudflare will automatically complete [HTTP-based DCV](/ssl/edge-certificates/changing-dcv-method/methods/http/) on your behalf.
-
-## Recommendations
-
-If you are currently pinning your Universal certificate, stop pinning the certificate. This will ensure your certificates are not impacted during the Universal certificate renewal.
-
-If you have CAA records that are not automatically added by Cloudflare, make sure to allow the other Cloudflare CAs to issue certificates for your domain. Since Universal SSL does not guarantee which CA will issue the certificate, it is recommended that you add [CAA records for all CAs that Cloudflare uses](/ssl/reference/certificate-authorities/#caa-records).
-
-If you want to choose the issuing CA for your certificate, [order an Advanced certificate](/ssl/edge-certificates/advanced-certificate-manager/). Once that certificate has deployed, [disable Universal SSL](/ssl/edge-certificates/universal-ssl/disable-universal-ssl/) to prevent Cloudflare from issuing the Universal certificate for you.
diff --git a/src/content/partials/ssl/caa-records-added-by-cf.mdx b/src/content/partials/ssl/caa-records-added-by-cf.mdx
index b20254d7e9810ed..dd376d5e2a10aaa 100644
--- a/src/content/partials/ssl/caa-records-added-by-cf.mdx
+++ b/src/content/partials/ssl/caa-records-added-by-cf.mdx
@@ -27,10 +27,6 @@ If Cloudflare has automatically added CAA records on your behalf, these records
0 issue "ssl.com"
0 issuewild "ssl.com"
-# CAA records added by DigiCert
-0 issue "digicert.com; cansignhttpexchanges=yes"
-0 issuewild "digicert.com; cansignhttpexchanges=yes"
-
# CAA records added by Sectigo
0 issue "sectigo.com"
0 issuewild "sectigo.com"
diff --git a/src/content/partials/ssl/dcv-cname-definition.mdx b/src/content/partials/ssl/dcv-cname-definition.mdx
deleted file mode 100644
index f9588e96a3fdd5b..000000000000000
--- a/src/content/partials/ssl/dcv-cname-definition.mdx
+++ /dev/null
@@ -1,6 +0,0 @@
----
-{}
-
----
-
-If you use **DigiCert** as your Certificate Authority (CA), you can complete DCV with a special CNAME record.
diff --git a/src/content/partials/ssl/digicert-offboarding-paused.mdx b/src/content/partials/ssl/digicert-offboarding-paused.mdx
deleted file mode 100644
index d767e7a9a36f4f9..000000000000000
--- a/src/content/partials/ssl/digicert-offboarding-paused.mdx
+++ /dev/null
@@ -1,14 +0,0 @@
----
-{}
-
----
-
-:::caution[Important]
-
-
-Though Cloudflare has paused the deadlines associated with DigiCert certificates, this will resume in the near future and - as such - affected customers should prepare their infrastructure for the switch.
-
-Cloudflare will send updated communications when we have new migration dates.
-
-
-:::
diff --git a/src/content/partials/ssl/universal-ssl-validity.mdx b/src/content/partials/ssl/universal-ssl-validity.mdx
index 1e93a94e9cd8a9a..a38597e520ae35b 100644
--- a/src/content/partials/ssl/universal-ssl-validity.mdx
+++ b/src/content/partials/ssl/universal-ssl-validity.mdx
@@ -9,6 +9,4 @@ For Universal certificates, Cloudflare controls the validity periods and certifi
If you are on a [partial setup](/ssl/edge-certificates/universal-ssl/enable-universal-ssl/#partial-dns-setup), make sure [Domain control validation (DCV)](/ssl/edge-certificates/changing-dcv-method/) is configured correctly. Refer to [Troubleshooting DCV](/ssl/edge-certificates/changing-dcv-method/troubleshooting/) for further help.
:::
-Universal certificates issued by Let's Encrypt, Google Trust Services, or SSL.com have a 90-day validity period. Cloudflare no longer uses DigiCert for newly issued Universal certificates and, for existing ones, the validity period is being adjusted from one year to 90 days.
-
-For 90-day certificates, the auto renewal period starts 30 days before expiration.
\ No newline at end of file
+Universal certificates have a 90-day validity period. The auto renewal period starts 30 days before expiration.
\ No newline at end of file