diff --git a/docs/x509/tutorial.rst b/docs/x509/tutorial.rst
index f5ca416ce..57693a79d 100644
--- a/docs/x509/tutorial.rst
+++ b/docs/x509/tutorial.rst
@@ -134,10 +134,10 @@ Then we generate the certificate itself:
     ... ).serial_number(
     ...     x509.random_serial_number()
     ... ).not_valid_before(
-    ...     datetime.datetime.utcnow()
+    ...     datetime.datetime.now(datetime.timezone.utc)
     ... ).not_valid_after(
     ...     # Our certificate will be valid for 10 days
-    ...     datetime.datetime.utcnow() + datetime.timedelta(days=10)
+    ...     datetime.datetime.now(datetime.timezone.utc) + datetime.timedelta(days=10)
     ... ).add_extension(
     ...     x509.SubjectAlternativeName([x509.DNSName(u"localhost")]),
     ...     critical=False,
diff --git a/src/rust/src/x509/common.rs b/src/rust/src/x509/common.rs
index c36763281..e38f9b321 100644
--- a/src/rust/src/x509/common.rs
+++ b/src/rust/src/x509/common.rs
@@ -540,11 +540,16 @@ pub(crate) fn py_to_datetime(
 }
 
 pub(crate) fn datetime_now(py: pyo3::Python<'_>) -> pyo3::PyResult<asn1::DateTime> {
+    let datetime_module = py.import(pyo3::intern!(py, "datetime"))?;
+    let utc = datetime_module
+        .getattr(pyo3::intern!(py, "timezone"))?
+        .getattr(pyo3::intern!(py, "utc"))?;
+
     py_to_datetime(
         py,
-        py.import(pyo3::intern!(py, "datetime"))?
+        datetime_module
             .getattr(pyo3::intern!(py, "datetime"))?
-            .call_method0(pyo3::intern!(py, "utcnow"))?,
+            .call_method1(pyo3::intern!(py, "now"), (utc,))?,
     )
 }