This guide is for you if you are experiencing issues with a Sectigo SSL certificate of type DV or EV.

Sectigo Change (June 2025)

Since June 2025, Sectigo uses a new validation infrastructure called MPIC, which performs the necessary checks to issue SSL certificates (including EV and OV) from servers located around the world, and no longer solely from the United States.

A challenge is a method used by the certification authority to verify that the applicant controls the domain. This can be done through an HTTP request, a DNS record, or an email. For EV and OV certificates, this challenge is combined with checks on the organization's identity.

With this new method, validation requests can come from any country or provider. If your site or server uses geoblocking rules, a web application firewall (WAF), or a service like Cloudflare with country or ASN access restrictions, these checks may be blocked, causing validation to fail.

Even though Sectigo primarily discusses OV and EV certificates, this change can also indirectly affect DV certificates, as domain validation still relies on the ability to access the necessary resources.