HTTPS Certificate Industry Phasing Out Less Secure Domain Validation Methods
Google, December 12,2025
Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it.
Recently, the Chrome Root Program and the CA/Browser Forum have taken decisive steps toward a more secure internet by adopting new security requirements for HTTPS certificate issuers.
These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation. By retiring these outdated practices, which rely on weaker verification signals like physical mail, phone calls, or emails, we are closing potential loopholes for attackers and pushing the ecosystem toward automated, cryptographically verifiable security.