[SSL] Remove references to DigiCert as a CF CA (#18990)
* Delete digicert-update folder and add redirects

* Update pages that linked saying will soon be deprecated

* Also remove dcv-update, add redirects, and fix hyperlinks

* Delete certificate-authority-specific and add redirect

* Find 'digicert' and exclude simpler cases

* Remove digicert CAA records

* Fix broken links on pages that will remain

* Update certificate-authorities.mdx

* Delete features that relied on Digicert and create redirects

* Remove unused digicert-specific partials

* Remove DigiCert CAA from wpengine troubleshooting
RebeccaTamachiro authored Jan 3, 2025
1 parent 406578e commit fbe3ccb
Showing 29 changed files with 25 additions and 667 deletions.
7 changes: 7 additions & 0 deletions public/_redirects
Original file line number Diff line number Diff line change
Expand Up @@ -1010,6 +1010,7 @@
/ssl/certificate-transparency-monitoring/ /ssl/edge-certificates/additional-options/certificate-transparency-monitoring/ 301
/ssl/client-certificates/byo-ca-api-shield/ /ssl/client-certificates/byo-ca/ 301
/ssl/edge-certificates/certificate-transparency-monitoring/ /ssl/edge-certificates/additional-options/certificate-transparency-monitoring/ 301
/ssl/edge-certificates/changing-dcv-method/methods/email/ /ssl/edge-certificates/changing-dcv-method/methods/ 301
/ssl/edge-certificates/custom-certificates/caa-records/ /ssl/edge-certificates/caa-records/ 301
/ssl/edge-certificates/disable-weak-cipher-suites/ /ssl/edge-certificates/additional-options/cipher-suites/customize-cipher-suites/ 301
/ssl/edge-certificates/http-strict-transport-security/ /ssl/edge-certificates/additional-options/http-strict-transport-security/ 301
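Review bot: the new rule sends /ssl/edge-certificates/changing-dcv-method/methods/email/ to the methods index with no replacement page, so a reader following an old link lands on a list of methods with nothing saying that email DCV has been withdrawn; consider pointing the 301 at the method that replaces it, or confirming that the index page states that email validation is no longer offered.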
Expand All @@ -1021,6 +1022,8 @@
/ssl/reference/cipher-suites/custom-certificates/ /ssl/edge-certificates/custom-certificates/#certificate-packs 301
/ssl/reference/cipher-suites/matching-on-origin/ /ssl/origin-configuration/cipher-suites/#match-on-origin 301
/ssl/reference/migration-guides/lets-encrypt-chain/ /ssl/reference/certificate-authorities/#lets-encrypt 301
/ssl/reference/migration-guides/dcv-update/ /ssl/reference/migration-guides/ 301
/ssl/reference/migration-guides/digicert-update/ /ssl/reference/migration-guides/ 301
/ssl/reference/validation-backoff-schedule/ /ssl/edge-certificates/changing-dcv-method/validation-backoff-schedule/ 301
/ssl/universal-ssl/changing-dcv-method/ /ssl/edge-certificates/changing-dcv-method/ 301
/support/dns/how-to/certification-authority-authorization-caa-faq/ /ssl/edge-certificates/troubleshooting/caa-records/ 301
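Review bot: the two new exact-path rules both land on the migration-guides index, and the digicert-update one is duplicated by a `/ssl/reference/migration-guides/digicert-update/*` splat rule added further down this file, while dcv-update gets no splat rule. The commit message describes digicert-update as a folder and dcv-update as a single page, which explains the asymmetry, but if the splat already matches the bare digicert-update path the exact rule for it is redundant; keep whichever one is actually needed.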
Expand All @@ -1039,6 +1042,9 @@
/cloudflare-for-platforms/cloudflare-for-saas/domain-support/worker-as-origin/ /cloudflare-for-platforms/cloudflare-for-saas/start/advanced-settings/worker-as-origin/ 301
/cloudflare-for-platforms/cloudflare-for-saas/start/hostname-verification-backoff-schedule/ /cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/backoff-schedule/ 301
/cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-verification/ /cloudflare-for-platforms/cloudflare-for-saas/domain-support/hostname-validation/ 301
/cloudflare-for-platforms/cloudflare-for-saas/reference/status-codes/certificate-authority-specific/ /cloudflare-for-platforms/cloudflare-for-saas/reference/status-codes/ 301
/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/cname/ /cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/ 301
/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/email/ /cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/ 301

# workers for platforms
/cloudflare-for-platforms/workers-for-platforms/learning/ /cloudflare-for-platforms/workers-for-platforms/reference/ 301
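Review bot: the cname/ and email/ validation pages are collapsed into the validate-certificates landing page; since the caution deleted elsewhere in this commit said both methods would become unsupported, check that the landing page no longer lists CNAME or email as options, otherwise a reader is bounced from a method list to a 301 and back. The certificate-authority-specific status-codes redirect is fine if the DigiCert-only codes were the only ones that page carried.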
Expand Down Expand Up @@ -1791,6 +1797,7 @@
/rules/url-forwarding/dynamic-redirects/* /rules/url-forwarding/single-redirects/:splat 301
/ssl/ssl-tls/* /ssl/reference/:splat 301
/ssl/reference/cipher-suites/* /ssl/edge-certificates/additional-options/cipher-suites/:splat 301
/ssl/reference/migration-guides/digicert-update/* /ssl/reference/migration-guides/ 301
/support/account-management-billing/billing-cloudflare-add-on-services/* https://www.cloudflare.com/plans/ 301
/tenant/tutorial/* /tenant/get-started/ 301
/waf/managed-rulesets/* /waf/managed-rules/:splat 301
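Review bot: this splat rule deliberately drops the sub-path (no `:splat` in the target), which is right for a deleted folder, but it overlaps the exact `/ssl/reference/migration-guides/digicert-update/` rule added in the static section above; keep only one of the two unless the exact rule is required because the splat does not match the bare directory path.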

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -52,6 +52,6 @@ If you cannot activate your domain using [proxied DNS records](/dns/manage-dns-r

If you encounter SSL errors, check if you have a `CAA` record.

If you do have a `CAA` record, check that it permits SSL certificates to be issued by `digicert.com` and `letsencrypt.org`.
If you do have a `CAA` record, check that it permits SSL certificates to be issued by `letsencrypt.org`.

For more details, refer to [CAA records](/ssl/edge-certificates/troubleshooting/caa-records/#what-caa-records-are-added-by-cloudflare).
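Review bot: the rewritten sentence now tells users to permit only `letsencrypt.org`, but other hunks in this same commit list `pki.goog` (and, in the FAQ, SSL.com and Sectigo) as CAs Cloudflare issues from, so a CAA record restricted to letsencrypt.org could still block issuance. Suggest wording it as "permits the CAs listed on the CAA records page" and relying on the link that follows rather than naming a single CA.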
Original file line number Diff line number Diff line change
Expand Up @@ -13,9 +13,7 @@ import { Render } from "~/components"

The exact method for certificate renewal depends on whether that hostname is proxying traffic through Cloudflare and whether it is a wildcard certificate.

Custom hostnames with DigiCert certificates currently have a validity period of one year, though DigiCert is [going to be deprecated](/ssl/reference/migration-guides/digicert-update/) soon as an option. Custom hostnames using Let's Encrypt, Google Trust Services, or SSL.com have a 90-day validity period.

Certificates are available for renewal 30 days before their expiration.
Custom hostnames certificates have a 90-day validity period and are available for renewal 30 days before their expiration.

## Non-wildcard hostnames
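Review bot: "Custom hostnames certificates" should read "Custom hostname certificates". The rewrite also drops the explicit CA list (Let's Encrypt, Google Trust Services, SSL.com) that the old paragraph tied the 90-day validity period to; if a reader needs to know which CA their hostname uses, keep that list or link the certificate-authorities reference.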


This file was deleted.

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ This HTTP validation should succeed as long as your customer is pointing to your

## Wildcard custom hostnames

HTTP DCV validation is [no longer allowed](/ssl/reference/migration-guides/dcv-update/) for wildcard certificates. You would instead need to use [TXT validation](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/).
HTTP DCV validation is not allowed for wildcard certificates. You must use [TXT validation](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/txt/) instead.

***

Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,6 @@ import { Render } from "~/components"

<Render file="dcv-definition" product="ssl" /> <br/>

:::caution


With the [upcoming change](/ssl/reference/migration-guides/digicert-update/custom-hostname-certificates/) to certificates issued by DigiCert, both [email](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/email/) and [CNAME](/cloudflare-for-platforms/cloudflare-for-saas/security/certificate-management/issue-and-validate/validate-certificates/cname/) DCV will soon be unsupported.


:::

## DCV situations

### Non-wildcard certificates
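Review bot: deleting the caution removes the only statement on this page that email and CNAME DCV are going away, and the commit also deletes those two method pages; the remaining text should say positively which methods are supported (HTTP and TXT, per the sibling hunks) so readers do not look for a CNAME or email option that no longer exists.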
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ If a domain is flagged by the CA, you need to contact Support before validation
If your customer has `CAA` records set on their domain, they will either need to add the following or remove `CAA` entirely:

```txt
example.com. IN CAA 0 issue "digicert.com"
example.com. IN CAA 0 issue "letsencrypt.org"
example.com. IN CAA 0 issue "pki.goog"
```
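Review bot: with digicert.com removed the CAA block permits only letsencrypt.org and pki.goog, yet the custom-hostname renewal hunk in this commit (old text) names SSL.com as a custom-hostname CA; if SSL.com can be selected for a custom hostname, a customer with exactly these two records would block its issuance. Confirm the CA set and add an issuer entry for SSL.com if it is still selectable.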
Original file line number Diff line number Diff line change
Expand Up @@ -62,12 +62,4 @@ You will then need to share these TXT tokens with your customers.

Your DCV tokens expire after a [certain amount of time](/cloudflare-for-platforms/cloudflare-for-saas/reference/token-validity-periods/), depending on your certificate authority.

This means that, if your customers take too long to place their tokens at their authoritative DNS provider, you may need to [get new tokens](#1-get-txt-tokens) and re-share them with your customer.

---

### DigiCert

If you create a hostname with DigiCert as the certificate authority, you only need to share one TXT record for your customer to place at their authoritative DNS provider.

However, Cloudflare [will soon be deprecating](/ssl/reference/migration-guides/digicert-update/) DigiCert as an issuing CA for custom hostnames, so we recommend you follow our [migration guide](/ssl/reference/migration-guides/digicert-update/custom-hostname-certificates/) to move your custom hostnames over to another CA.
This means that, if your customers take too long to place their tokens at their authoritative DNS provider, you may need to [get new tokens](#1-get-txt-tokens) and re-share them with your customer.
2 changes: 0 additions & 2 deletions src/content/docs/pages/configuration/custom-domains.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -100,11 +100,9 @@ To resolve this, add the necessary CAA records to allow Cloudflare to issue a ce

```
example.com. 300 IN CAA 0 issue "comodoca.com"
example.com. 300 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issue "letsencrypt.org"
example.com. 300 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issuewild "comodoca.com"
example.com. 300 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issuewild "letsencrypt.org"
example.com. 300 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
```
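Review bot: this CAA block is identical to the one in debugging-pages.mdx and both had to be edited by hand in this commit; since the commit already touches partials, moving the list into one shared partial would stop the two pages drifting the next time a CA is added or removed.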
2 changes: 0 additions & 2 deletions src/content/docs/pages/configuration/debugging-pages.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -157,11 +157,9 @@ To resolve this, you will need to add the following CAA records which allows all
```
example.com. 300 IN CAA 0 issue "comodoca.com"
example.com. 300 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issue "letsencrypt.org"
example.com. 300 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issuewild "comodoca.com"
example.com. 300 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"
example.com. 300 IN CAA 0 issuewild "letsencrypt.org"
example.com. 300 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
```
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,6 @@ dig example.com caa

```bash output
;; ANSWER SECTION:
example.com. 3600 IN CAA 0 issue "digicert.com; cansignhttpexchanges=yes"
example.com. 3600 IN CAA 0 issue "pki.goog; cansignhttpexchanges=yes"
example.com. 3600 IN CAA 0 issuewild "digicert.com; cansignhttpexchanges=yes"
example.com. 3600 IN CAA 0 issuewild "pki.goog; cansignhttpexchanges=yes"
```
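Review bot: the sample `dig` output now shows only pki.goog `issue`/`issuewild` records, while another hunk in this commit links this page's "what CAA records are added by Cloudflare" section and tells users to permit letsencrypt.org; if Cloudflare also adds letsencrypt.org (or ssl.com) records, the example output should show them, otherwise readers will conclude that only Google Trust Services is provisioned.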
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ You *should* take action when something is clearly wrong, such as if you:
* Do not recognize the certificate issuer.
:::note

Note that Cloudflare provisions backup certificates, so you may see a certificate listed that is not in active use for your site. The [Edge Certificates page](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) will show all certificates requested for your site.
Cloudflare provisions backup certificates, so you may see a certificate listed that is not in active use for your site. The [Edge Certificates page](https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates) will show all certificates requested for your site.
:::
* Have recently noticed problems with your website.

Expand All @@ -66,8 +66,6 @@ You *should* take action when something is clearly wrong, such as if you:

Only Certificate Authorities can revoke malicious certificates. If you believe an illegitimate certificate was issued for your domain, contact the Certificate Authority listed as the **Issuer** in the email.

* [DigiCert support](https://www.digicert.com/support/#Contact)

* [GlobalSign support](https://support.globalsign.com/)

* [GoDaddy support](https://www.godaddy.com/contact-us?sp_hp=B)
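Review bot: dropping DigiCert from this contact list looks like an over-reach of the digicert grep: the list is for reporting an illegitimate certificate to whichever CA issued it, and a rogue certificate surfaced by Certificate Transparency monitoring can come from any public CA regardless of which CAs Cloudflare itself uses. Suggest restoring the `[DigiCert support](https://www.digicert.com/support/#Contact)` entry.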
Expand All @@ -76,7 +74,7 @@ Only Certificate Authorities can revoke malicious certificates. If you believe a

* [IdenTrust support](https://www.identrust.com/support/support-team)

* [Lets Encrypt support](https://letsencrypt.org/contact/)
* [Let's Encrypt support](https://letsencrypt.org/contact/)

* [Sectigo support](https://sectigo.com/support)

Original file line number Diff line number Diff line change
Expand Up @@ -89,12 +89,6 @@ Normally, you only need to update DCV if you have your application on a partial

For more information about DCV, refer to [DCV methods](/ssl/edge-certificates/changing-dcv-method/).

:::caution

Due to recent changes, HTTP DCV validation will soon not be allowed for wildcard certificates or certificates with multiple Subject Alternative Names (SANs). For more details and next steps, refer to [Changes to HTTP DCV](/ssl/reference/migration-guides/dcv-update/).

:::

---

## Set up alerts
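Review bot: the deleted caution also covered certificates with multiple Subject Alternative Names (SANs), not only wildcards; the replacement wording in the SaaS HTTP validation hunk mentions wildcards only, so the multi-SAN restriction on HTTP DCV loses its last mention here unless the linked DCV methods page states it. Consider keeping a one-line note that HTTP DCV is unavailable for wildcard and multi-SAN certificates.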

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ The DCV process relies on tokens that are generated by the issuing certificate a
* Google Trust Services - 14 days
* Let's Encrypt - 7 days
* SSL.com - 14 days
* DigiCert - 30 days

After this period, DCV tokens expire as dictated by the [CA/B Baseline Requirements](https://cabforum.org/baseline-requirements-documents/), and new, valid tokens must be placed.

Original file line number Diff line number Diff line change
Expand Up @@ -21,9 +21,9 @@ Yes. Cloudflare can issue both RSA and ECDSA certificates.

### Which certificate authorities does Cloudflare use?

Cloudflare uses Let's Encrypt, Google Trust Services, SSL.com, Sectigo, and DigiCert. You can see a complete list of products and available CAs and algorithms in the [certificate authorities reference page](/ssl/reference/certificate-authorities/).
Cloudflare uses Let's Encrypt, Google Trust Services, SSL.com, and Sectigo. You can see a complete list of products and available CAs and algorithms in the [certificate authorities reference page](/ssl/reference/certificate-authorities/).

[DigiCert will soon be removed as a CA from the Cloudflare pipeline](/ssl/reference/migration-guides/digicert-update/) and Sectigo is only used for [backup certificates](/ssl/edge-certificates/backup-certificates/).
Sectigo is only used for [backup certificates](/ssl/edge-certificates/backup-certificates/).

### Are there any CA limitations I should know about?


0 comments on commit fbe3ccb
