Reminder: SSL Certificate Validity Is Dropping to 200 Days
1 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 51 vote, average: 5.00 out of 5 (1 votes, average: 5.00 out of 5, rated)
Loading...

Reminder: SSL Certificate Validity Is Dropping to 200 Days

Certificate validity periods are getting shorter — is your team ready to keep up with the new demands? Two options for managing shorter certificates…

There’s no way around it — certificate lifespans are getting significantly shorter:

  • Validity periods for SSL/TLS certificates will be nearly halved from 398 days to 200 days before March 15, 2026. This move is coming slightly sooner than expected, with some certification authorities (CAs) implementing their shifts to 200-day validity as soon as Feb. 24.
  • Validation data reuse periods will also be reduced. Certification authorities will have to re-verify your information significantly more frequently.

Just to be clear, this does NOT mean that you’ll need to purchase twice as many SSL certificates — you’ll just need to reissue (which is free) and reinstall your SSL certificate twice as often.

Here’s what you need to know about the coming changes, and what new SSL certificate automation tools we’re rolling out to help you. 

Let’s hash it out.

A Quick Review of Planned SSL Certificate Validity Reductions

Here’s a quick overview of what the reduced certificate validity phases look like, based on the CA/Browser Forum’s mandated maximum certificate validity periods’ effective dates:

Certificate Lifespans (Max # of Days)Certificate Renewals/Re-Issues (# Per Year)
398 days (current)~1
200 days (starting February/March 2026)~2
100 days (starting March 15, 2027)~4
47 days (starting March 15, 2029)~8

If you’d like to dig into more details on why these changes are being made, check out our blog post, Industry to Shift to 47-Day SSL/TLS Certificate Validity by 2029.

A graph illustrating the concept of shortening SSL/TLS validity periods (i.e., the number of days a certificate is valid) compared to the rising number of required certificate reissuances
Image caption: A graph illustrating the changing SSL/TLS certificate validity landscape, as validity periods shrink and the number of required certificate renewals increases over the next few years.

As is typical with changes to industry requirements, certificate authorities are implementing slightly more restrictive rules to prevent unexpected issues. Here’s a quick breakdown of how the changes will unfold for DigiCert & Sectigo:

CACertificate Validity ChangesDomain Validation Data Reuse ChangesEffective Date
DigiCertCertificate validity drops to a 199-day maximumDomain validation (DV) reuse period drops to 199 daysFor certificates issued on or after Tuesday, Feb. 24, 2026
SectigoCertificate validity drops to a 199-day maximumDCV data reuse drops to 198 daysFor certificates issued on or after Thursday, March 12, 2026

Two Options for Managing Shorter Certificates

Essentially, there are two ways to deal with the decreasing certificate lifespans:

1. Reissue + Reinstall Certificates Manually Every Six Months

You can continue purchasing the same SSL/TLS certificates you do now. For example, you can still purchase one- and three-year coverage for each certificate. However, you’ll have to manually reissue and reinstall each certificate (at no additional cost) every 199 days (~six months).

So, what’s this process look like? Let’s re-hash them:

If you choose this manual approach, ensure your reissuance notifications are enabled. While the inundation of notifications may drive you a bit crazy, it’s still better than having your certificates expire and cause outages.

2. Let SSL Automation Handle It

SSL/TLS certificate automation solutions handle your certificate reissuances, renewals, and installations (and everything in between). You can set up your SSL/TLS certificate once and not worry about it again, even as validity periods continue to decrease over time.

4 Options for SSL Automation

We offer multiple certificate automation solutions that can help you eliminate manual tasks and streamline your SSL lifecycle management, whether you have one certificate or 100:

 AutoInstall SSL® for Linux and WindowsAutoInstall SSL® for Web HostsACME-Enabled SSL CertificatesCertificate Lifecycle Management Platforms
Who It’s ForWebsite owners using cloud/VPS/ dedicated Linux and Windows serversWeb hosting providersWebsite owners who use a variety of environmentsWebsite owners managing complex environments and custom integrations
Compatible PlatformsLinux (Apache & NGINX) and Windows IIScPanel, DirectAdmin, Plesk, and WHMCScPanel, Kubernetes, Linux, Plesk, Windows IIS, and other major serversSupports a wide variety of environments
Features Full lifecycle automation

Built-in monitoring & email alerts

One-time installation (auto-renews 28 days before expiration after that)

Intuitive user interface

Easy setup wizard
Full lifecycle automation

Built-in alerts

Multi-year SSL reissuances

WYSIWYG interface for your customers
End-to-end SSL automation

Built on the globally trusted ACME protocol

Fast and easy setup with ACME agents available for most servers  
Automated certificate discovery, issuance, deployment, renewal, and revocation that eliminates manual management

Centralized interface for managing certificates

Advanced management tools & controls  
PricingStarting at $18.96/yearAvailable for PartnersStarting at $75/yearStarting at $2,500/year
 Learn MoreLearn MoreLearn MoreLearn More

Be sure to monitor your certificates as well. Installing certificates won’t do you (or your customers) any good if you don’t bother ensuring they’re active and issue-free.

It’s Time for a Little Exercise…

How much does manually managing your SSL/TLS certificates cost your business?

An infographic that illustrates how SSL certificate validity changes will affect your certificate management workload

What all of this means is that by March 2029, you’ll have to dedicate a minimum of 2.5 eight-hour workdays every year strictly to reissuing and installing 10 SSL/TLS certificates. And that number is provided you don’t have other compounding factors, such as:

  1. having more than 10 certificates to manage, and/or
  2. dealing with additional SSL reissuances or revocations throughout the year.

Imagine what you could do with all of that time if your organization had chosen to automate these tedious tasks…

Author

Casey Crane

Casey Crane is a regular contributor to and managing editor of Hashed Out. She has more than 15 years of experience in journalism and writing, including crime analysis and IT security. Casey also serves as the Content Manager at The SSL Store.