After December 31, 2025 Sectigo will no longer re-issue certificate under old chain.

This mainly impacts Microsoft server environments where some end users are on very old devices that do not trust Sectigo’s newer root.

In these cases, Microsoft may not honor cross-signed chain workarounds if a shorter, untrusted path exists. Sectigo and Microsoft recommend disabling or removing the problematic root from the server trust store. If that is not possible, the practical alternative may be switching the certificate to a different CA