The CA/Browser Forum has approved a plan to reduce SSL/TLS certificate lifetimes over the next few years. Here’s the timeline and what organizations should expect.
Last updated: March 2026
The rules for SSL certificate lifetimes are changing again.
The CA/Browser Forum — the industry body that sets the policies for publicly trusted TLS certificates — has approved a plan to gradually shorten SSL certificate validity periods, eventually reducing them to just 47 days.
That’s a significant shift from the current ecosystem, where certificates are typically issued for about a year.
Fortunately, the transition is happening in phases, giving organizations time to adapt before the shortest certificate lifetimes take effect.
TL;DR
-
SSL certificate lifetimes are being reduced over the next several years
-
The current 398-day maximum lifetime will drop to 200 days in 2026, 100 days in 2027, and 47 days in 2029
-
Certificates will need to be renewed much more frequently
-
Automated certificate management will increasingly replace manual renewal processes
By 2029, publicly trusted SSL/TLS certificates will have a maximum lifetime of just 47 days — down from today’s 398-day limit.
The New SSL Certificate Lifetime Timeline
For the past several years, publicly trusted TLS certificates could be issued for a maximum of 398 days.
Under the new rules, that maximum validity period will shrink in stages:
| Effective Date | Maximum Certificate Lifetime | Domain Validation Reuse |
|---|---|---|
| Until March 15, 2026 | 398 days | 398 days |
| March 15, 2026 | 200 days | 200 days |
| March 15, 2027 | 100 days | 100 days |
| March 15, 2029 | 47 days | 10 days |
Some certificate authorities have already begun adjusting issuance policies to align with the upcoming limits.
Why Certificate Lifetimes Are Being Reduced
Shorter certificate lifetimes are primarily about reducing risk and improving the security of the web PKI ecosystem.
Reduced exposure if a key is compromised
If a certificate’s private key is compromised, shorter validity periods limit how long it can be abused.
Faster response to cryptographic changes
If vulnerabilities or policy changes occur, shorter certificate lifetimes allow the ecosystem to respond and update much faster.
Encouraging automated certificate management
The industry has been steadily moving toward automated certificate issuance and renewal. Shorter certificate lifetimes reinforce that trend.
Manual certificate renewal workflows simply don’t scale when certificates expire every few weeks.
What This Means in Practice
The most immediate impact is simple: certificates will need to be renewed far more frequently.
Instead of renewing certificates roughly once per year, organizations will eventually move toward renewal cycles happening several times per year — and ultimately roughly every six to seven weeks.
This also means that workflows relying on manual certificate installation and renewal reminders will become increasingly difficult to maintain.
Multi-year SSL subscriptions will still exist, but instead of receiving a single long-lived certificate, organizations will receive a sequence of shorter-lived certificates issued throughout the duration of the subscription.
How easyDNS Customers Can Prepare
There’s no immediate action required, but this is a good time to review how certificates are currently managed within your infrastructure.
In particular:
-
Identify where certificates are deployed across your systems
-
Confirm whether certificate renewals are automated
-
Check whether any services still rely on manual renewal processes
As certificate lifetimes shrink, automation will increasingly become the practical way to manage TLS certificates.
easyDNS offers a full range of SSL certificates along with highly reliable DNS hosting, helping organizations manage domains and certificate validation as part of a modern TLS deployment.
The Bottom Line
The move toward 47-day SSL certificates represents one of the biggest operational shifts in web PKI in years.
The goal is straightforward: reduce risk across the ecosystem while encouraging modern certificate management practices.
The transition will take place gradually over the next several years, giving organizations time to adapt their certificate management workflows before the shortest lifetimes arrive.
Leave a Reply