With regards to our update in September regarding the underscores in domain names for SSL certificates, The CAB Forum has now clarified their position:
“All certificates containing an underscore character in any dNSName entry and having a validity period of more than 30 days MUST be revoked prior to January 15, 2019.
After April 30, 2019, underscore characters (“_”) MUST NOT be present in dNSName entries.”
We will be adding the underscore character to the list of invalid characters very soon to stop these any future requests going through.