Home » Software Security Blog » GoDaddy Code Signing Certificates Will Be Discontinued, and No Longer Be Issued & Renewed
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...

GoDaddy Has Made the Decision to Stop Issuing & Renewing Code Signing Certificates from June 1, 2021, Onwards

GoDaddy Inc., an American company headquartered in Scottsdale, Arizona, and incorporated in Delaware, is one of the biggest publicly traded Internet registrars and web hosting companies. In addition to hosting solutions and domain registration, GoDaddy is also known for providing SSL/TLS certificates and software signing certificates.

Starting June 1, 2021, GoDaddy is terminating issuance and renewal of code signing certificates. So, if you’ve purchased a GoDaddy code signing certificate, then it’ll remain valid until its expiry date. And, once it exceeds the expiry date, you will not be able to renew it.

godaddy code signing certificates will be discontinued

But wait, there’s more… So, suppose you’ve purchased the GoDaddy Code Signing certificate. In that case, you may have received an email regarding GoDaddy discontinuing the Code Signing certificate on the email address you used at the time of purchasing the GoDaddy Code Signing certificate.

godaddy code signing discountinued alert

And, you should know that if you’ve timestamped your software while signing, it won’t cause any issues because software timestamped during the signing process remains valid even after the certificate expires. Furthermore, developers can also provide regular updates. But, if you haven’t timestamped, you’ll need to sign your software again using a Code Signing Certificate from other certificate authorities such as Comodo, DigiCert, and Sectigo once the certificate expires.

What’s the Reason for Discontinuing GoDaddy Code Signing Certificate

The exact reason hasn’t been disclosed, but we came across one Reddit post that could shed some light. In that Reddit thread, one user has provided the information from when he has asked a question in a live chat with GoDaddy.

Below is the screenshot of the conversation between that user and GoDaddy.

godaddy conversation screenshot

Here’s the transcript of the chat:

Allam at 13:59, Apr 30:

Unfortunately GoDaddy has stopped selling those ssl and we are removing the code signing team and ssl servers from GoDaddy

You at 13:59, Apr 30:

I understand that it is happening, but I would like to know the reason it is happening.

Allam at 14:01, Apr 30: Its an marketing team decision where we are having few issues with those ,so GoDaddy as an team has decided to stop

So, according to the chat between that Reddit user and GoDaddy, we can say that it’s their internal decision.

How Will It Affect Me?

As mentioned above, if you’re using a GoDaddy Code Signing Certificate for signing software, you’ll be able to continue to do so until the certificate expires. But, once the certificate expires, you’ll no longer be able to renew from GoDaddy, and you’ll have to look somewhere else.

Luckily, many code signing certificate providers offer code signing certificates from respected certificate authorities at a lesser price. So, from that point of view, you won’t need to worry about finding great options.

Yeargodaddy-logo
GoDaddy Code Signing
comodo-logo
Comodo Code Signing
comodo-logo
Comodo EV Code Signing
1 Year Price$199.00/Year$302.10/Year$395.91/Year
2 Year Price$199.00/Year$255.99/Year$337.07/Year
3 Year Price$199.00/Year$211.46/Year$277.71/Year
No Longer AvailableShop NowShop Now

For instance, from CodeSigningStore.com, you’ll be able to get a code signing certificate as low as $211.46/year from the respected CA Comodo. GoDaddy offers the same code signing certificate for a hefty $199.00/year.

However, if you’ve signed your software and timestamped it, you won’t face any issues even after the certificate expires. Likewise, if your code signing certificate hasn’t been pinned, then you’ll also be able to provide updates and patches after switching the CA.

Will It Affect My Software Users?

No, your software users won’t be affected. For instance, if your code signing certificate isn’t pinned and you’ve timestamped your software at the time of signing it, users will be able to use your software regularly. Furthermore, they’ll be able to receive updates and patches even after the GoDaddy code signing certificate expires.

Wrapping Up

All in all, we can say that it’s an internal decision of GoDaddy’s marketing department for discontinuing the issuance of the GoDaddy code signing certificate. So, until May 31, 2021, you’ll be able to renew the GoDaddy code signing certificate, and starting June 1, 2021, you’ll have to look for other CAs like Comodo or DigiCert.

However, it won’t make any difference because you’ll need to start from the beginning, even for the renewal process. So, the only difference you’ll see from the discontinuation of GoDaddy code signing certificates is that you will have no other option but to purchase a code signing certificate from another CA.