1000 FAQs, 500 tutorials and explanatory videos. Here, there are only solutions!
Resolve a Sectigo validation block
This guide is for you if you are having issues with a Sectigo SSL certificate of type DV or EV.
Sectigo Change (June 2025)
Since June 2025, Sectigo uses a new validation infrastructure called MPIC, which performs the necessary checks to issue SSL certificates (including EV and OV) from servers located around the world, and no longer solely from the United States.
A challenge is a method used by the certification authority to verify that the applicant actually controls the domain. This can be done through an HTTP request, a DNS record, or an email. For EV and OV certificates, this challenge is combined with checks on the organization's identity.
With this new method, validation requests can come from any country or internet service provider. If your site or server uses geoblocking rules, a web application firewall (WAF), or a service like Cloudflare with country or ASN access restrictions, these checks may be blocked, causing the validation to fail.
Even though Sectigo mainly discusses OV and EV certificates, this change can also indirectly affect DV certificates, since domain validation always relies on the ability to access the necessary resources.
β οΈ To avoid any issues, it is therefore recommended to temporarily disable any geographical restrictions or network filtering during certificate validation.