What’s happening?
SSL and Code Signing certificate lifecycles have been shortened by a new industry standard. These changes are the first step in a long-term plan to gradually reduce certificate validity periods.
For DigiCert certificates
DigiCert certificate lifecycles were reduced on February 24, 2026:
- DigiCert SSL certificates reduced to 199 days maximum
- DigiCert Code Signing certificates reduced to 1 year maximum
For Sectigo certificates
Sectigo reduced certificate lifecycles as follows:
- February 23, 2026 – Sectigo Code Signing certificates reduced to 1 year maximum
- March 12, 2026 – Sectigo SSL certificates reduced to 200 days maximum
Industry-wide certificate lifecycle changes
Check the table below for the timeline of each reduction phase. Note: individual CAs may have implemented changes earlier than the industry deadline.
| SSL maximum term limit | Minimum # of re-issue/replacement per year | Industry deadline |
| 200 days | ~2 | March 15, 2026 |
| 100 days | ~4 | March 15, 2027 |
| 47 days | ~8 | March 15, 2029 |
Why is this happening?
Certificate lifecycles are being shortened to increase the frequency of validation checks that only occur prior to issuance. The longer a certificate lives, there is a higher chance that the subject data it contains (such as domains and organization or individual information) will become incorrect or invalid before the certificate expires.
The primary purpose of certificate lifecycle reduction is to strengthen existing validation practices and ensure the integrity of certificate data over time.
Shorter certificates also enable you to stay on track (and compliant) with changing industry standards and updated security practices.
What do I need to do?
There is no immediate action required.
Existing certificates are not affected by these term changes and will remain trusted until their planned expiration date.
If you have a multi-year order that needs to be re-issued or renewed after the CA’s deadline, that next certificate will reflect the new maximum validity term.
Moving forward, you will follow a more frequent replacement schedule for your certificates. Don’t worry, we will continue sending early reminders when it’s almost time to re-issue or renew your certificate.
Will my current certificate be distrusted?
No, all active and valid certificates will remain trusted until their set expiration date.
What if I have a multi-year certificate plan?
Your existing multi-year SSL certificate plan will continue to be usable through the purchased term.
After the shortened term deadline, re-issuing your order will result in a new certificate with the maximum possible validity period (or as much time as is left on the plan, if it’s less than the standard maximum).
How will this affect the certificate ordering process?
There will be no changes to any of the certificate purchase, enrollment, validation, and management processes as they are now. Only the frequency of required re-issue or renewal is increasing.
Will there be new short term certificate products available for purchase?
No, our certificate products are not changing at all. We will continue to offer a minimum 1-year plan for SSL and Code Signing certificates and allow multi-year SSL plans up to 3 to 5 years (depending on the type of product).
We will not offer a 200 day or 6 month SSL certificate plan; the minimum term is 1-year.
Can I pay for just 200 days of certificate instead of a year?
No, the minimum plan available for purchase is 1-year.
How will shorter certificates affect validation?
As certificate terms get shorter, the validated data re-use period gets shorter as well. You may expect to undergo validation when re-issuing or renewing a certificate if it is passed the allowed re-use period for your domain or organization.
- Domain validation will be required every 199 days (shortened from 397 days)
- Organization validation will be required every 397 days (shortened from 825 days)
Certain SSL products may also require re-validation with every request regardless of the re-use period.
Can I automate the SSL certificate replacement process?
Yes, we now offer certificate lifecycle automation solutions that keep your certs up to date without manual intervention.
Check out the full list of options on our SSL Automation page.
Subscription SSL with AutoInstallSSL
- For Domain Validated certificates (standard and single-domain wildcard):
- RapidSSL DV SSL
- PositiveSSL DV SSL
- GeoTrust DV SSL
- Comodo/Sectigo DV SSL
- Compatible with Windows IIS, Apache/NGINX Linux servers
- Also available for web host partners using cPanel, Plesk, WHMCS
Sectigo Certificate-as-a-Service (ACME)
- PositiveSSL DV or Sectigo DV SSL using ACME protocol
- Check your server for ACME compatibility