Chrome 66 released to beta, which will remove trust in Symantec-issued certificates with a not-before date prior to June 1, 2016. As of this date Site Operators must be using either a Symantec-issued TLS server certificate issued on or after June 1, 2016 or a currently valid certificate issued from any other trusted CA as of Chrome 66.

Site Operators that obtained a certificate from Symantec’s old infrastructure after June 1, 2016 are unaffected by Chrome 66 but will need to obtain a new certificate by the Chrome 70 dates described below.

When I check the certificate it says valid from December 2016 till December 2018. So I think it's good for Chrome 66. But will be distrusted for Chrome 70.

Oh, I think I understand what that warning is saying now! Your cert will still be fine with Chrome 66, but it will be distrusted from Chrome 70 onward. The blog post goes on to say:

Around the week of October 23, 2018, Chrome 70 will be released, which will fully remove trust in Symantec’s old infrastructure and all of the certificates it has issued. This will affect any certificate chaining to Symantec roots, except for the small number issued by the independently-operated and audited subordinate CAs previously disclosed to Google.

Hence the "...will be distrusted in M70" warning message I see in the console. So Chrome will no longer trust any cert issued by Symantec's old infrastructure (RapidSSL and GeoTrust) by October 2018, regardless of when that cert was issued.

Are there plans to get a new cert from another CA before that October 2018 cutoff?

Hi Dave,

Yes, by the time 70 roles out I'll make sure there's an updated certificate.

Fantastic. Thanks much for confirming!