--- title: "SSL Certificate Lifetimes Are Shrinking: What the New 47-Day TLS Certificate Rules Mean" type: "post" post_id: "168189" slug: "ssl-certificate-lifetime-changes-47-day-certificates" canonical: "https://easydns.com/blog/2026/03/09/ssl-certificate-lifetime-changes-47-day-certificates/" markdown_url: "https://easydns.com/blog/2026/03/09/ssl-certificate-lifetime-changes-47-day-certificates.md" json_url: "https://easydns.com/blog/2026/03/09/ssl-certificate-lifetime-changes-47-day-certificates.json" txt_url: "https://easydns.com/blog/2026/03/09/ssl-certificate-lifetime-changes-47-day-certificates.txt" published: "2026-03-09T20:40:30+00:00" modified: "2026-03-09T21:16:36+00:00" author: "easydnssupport" categories: - "Uncategorized" tags: site_name: "easyDNS" publisher: "" language: "en-US" generator: "easyPress Markdown" generator_version: "1.0.3" --- *The CA/Browser Forum has approved a plan to reduce SSL/TLS certificate lifetimes over the next few years. Here’s the timeline and what organizations should expect.* **Last updated:** March 2026 The rules for **SSL certificate lifetimes** are changing again. The CA/Browser Forum — the industry body that sets the policies for publicly trusted TLS certificates — has approved a plan to **gradually shorten SSL certificate validity periods**, eventually reducing them to just **47 days**. That’s a significant shift from the current ecosystem, where certificates are typically issued for about a year. Fortunately, the transition is happening in phases, giving organizations time to adapt before the shortest certificate lifetimes take effect. --- TL;DR ----- - SSL certificate lifetimes are being reduced over the next several years - The current **398-day maximum lifetime** will drop to **200 days in 2026**, **100 days in 2027**, and **47 days in 2029** - Certificates will need to be **renewed much more frequently** - Automated certificate management will increasingly replace manual renewal processes --- > **By 2029, publicly trusted SSL/TLS certificates will have a maximum lifetime of just 47 days — down from today’s 398-day limit.** --- The New SSL Certificate Lifetime Timeline ----------------------------------------- For the past several years, publicly trusted TLS certificates could be issued for a maximum of **398 days**. Under the new rules, that maximum validity period will shrink in stages: Effective DateMaximum Certificate LifetimeDomain Validation ReuseUntil March 15, 2026398 days398 daysMarch 15, 2026200 days200 daysMarch 15, 2027100 days100 daysMarch 15, 202947 days10 days Some certificate authorities have already begun adjusting issuance policies to align with the upcoming limits. --- Why Certificate Lifetimes Are Being Reduced ------------------------------------------- Shorter certificate lifetimes are primarily about **reducing risk and improving the security of the web PKI ecosystem**. ### Reduced exposure if a key is compromised If a certificate’s private key is compromised, shorter validity periods limit how long it can be abused. ### Faster response to cryptographic changes If vulnerabilities or policy changes occur, shorter certificate lifetimes allow the ecosystem to respond and update much faster. ### Encouraging automated certificate management The industry has been steadily moving toward **automated certificate issuance and renewal**. Shorter certificate lifetimes reinforce that trend. Manual certificate renewal workflows simply don’t scale when certificates expire every few weeks. --- What This Means in Practice --------------------------- The most immediate impact is simple: **certificates will need to be renewed far more frequently.** Instead of renewing certificates roughly once per year, organizations will eventually move toward renewal cycles happening several times per year — and ultimately roughly **every six to seven weeks**. This also means that workflows relying on **manual certificate installation and renewal reminders will become increasingly difficult to maintain**. Multi-year SSL subscriptions will still exist, but instead of receiving a single long-lived certificate, organizations will receive **a sequence of shorter-lived certificates issued throughout the duration of the subscription**. --- How easyDNS Customers Can Prepare --------------------------------- There’s no immediate action required, but this is a good time to review how certificates are currently managed within your infrastructure. In particular: - Identify where certificates are deployed across your systems - Confirm whether certificate renewals are automated - Check whether any services still rely on manual renewal processes As certificate lifetimes shrink, automation will increasingly become the practical way to manage TLS certificates. easyDNS offers a full range of **[SSL certificates](https://easydns.com/products/ssl-certificates/)** along with highly reliable **[DNS hosting](https://easydns.com/products/dns-hosting/)**, helping organizations manage domains and certificate validation as part of a modern TLS deployment. --- The Bottom Line --------------- The move toward **47-day SSL certificates** represents one of the biggest operational shifts in web PKI in years. The goal is straightforward: reduce risk across the ecosystem while encouraging modern certificate management practices. The transition will take place gradually over the next several years, giving organizations time to adapt their certificate management workflows before the shortest lifetimes arrive.