Feb 1, 2023 — Automatic delay for certificate renewal

The Certificate Provisioning System (CPS) application now provides an automatic delay after the manual cancellation of a certificate renewal before starting the next renewal.

Previously, when a certificate renewal in process was manually cancelled via the CPS user interface or API, CPS would immediately start the next renewal if the deployed certificate was within the renewal window. The renewal windows are 60 days prior to the certificate expiration for organization validated or third-party certificates, 90 days prior for extended validated certificates, and 30 days prior for domain validated certificates.

Now, after a renewal is manually canceled, CPS automatically delays for 30 minutes before starting the next renewal on the certificate. This automatic delay allows for users to modify the enrollment before the next renewal. Typical use cases include changing the DNS selections for the certificate, selecting which hostnames match this specific certificate, or changing the selected cipher profile.

This delay does not take into account the validity dates of the deployed certificate. For third-party certificates, canceling any renewal job results in new CSRs being generated. Certificates signed by a CA using the previous CSRs will not be accepted.