Everything you need to know about shorter certificate validity periods—explained clearly and optimised for the future of web security.

How will shorter certificate lifetimes impact automation requirements?

Shorter certificate validity periods are being introduced to strengthen online security, minimise risks from compromised certificates, and drive wider adoption of automation. These changes ensure your digital infrastructure remains secure, resilient, and future-ready.

The good news: no new automation requirements are being added. Most certificate automation platforms already manage renewals effectively. The main challenge will be whether Certificate Authorities (CAs) can scale their infrastructure to handle a higher volume of certificate requests.

  • DigiCert has invested in infrastructure upgrades for over a decade.

  • Sectigo and other leading CAs are preparing for up to 8x more certificate issuances.

  • Let’s Encrypt has already encountered capacity-related challenges.

Will TLS certificates still be available with 1-, 2-, or 3-year validity?

Yes. Multi-year SSL/TLS certificate purchases remain available, but issuance and reissuance follow the shortest limit:

  • The maximum validity allowed by the CA/Browser Forum, or

  • The remaining time left on your order.

For example:

  • A 1-year TLS certificate will continue to be reissued for the maximum validity period allowed, unless less time remains.

Are the published dates for shorter certificate lifetimes finalized?

Yes. The transition dates are confirmed and finalized:

  • Until March 15, 2026 – Maximum certificate lifetime: 398 days

  • From March 15, 2026 – Maximum certificate lifetime: 200 days

  • From March 15, 2027 – Maximum certificate lifetime: 100 days

  • From March 15, 2029 – Maximum certificate lifetime: 47 days

Will these changes affect my existing SSL/TLS certificates?

No. Active certificates remain valid until their original expiration date. However, if you request a reissue after a new validity limit takes effect, your certificate will only be valid for the shorter of:

  • The new maximum limit, or

  • The remaining time on your order.

Will Organization Validation (OV) limits follow certificate validity changes?

No. OV certificates already issued will remain valid for their full term. But if you reissue after a new validity limit is enforced, the certificate will adopt the shorter validity period.

Will Domain Control Validation (DCV) limits follow certificate validity changes?

Yes. DCV validation periods will align with certificate validity until 2029. Once certificate lifetimes are reduced to 47 days in 2029, DCV will also be shortened to just 10 days.

Found this article interesting?
Subscribe to DomainRegister´s newsletter!

You can unsubscribe at any time by simply clicking the link in the footer of our emails. For information about our privacy practices, please visit our website.

We use Mailchimp as our marketing platform. By clicking below to subscribe, you acknowledge that your information will be transferred to Mailchimp for processing. Learn more about Mailchimp s privacy practices here.

  • SSL
  • 0 uporabniku/om je bi članek v pomoč
Vam je bil odgovor v pomoč?

Povezani članki

 Professional Opinion Letter for Extended Validation

When applying for EV, it can greatly speed up the process to complete and submit a professional...

 How to secure your Plesk control panel with an SSL certificate

Plesk control panel has his own SSL certificate, signed by Plesk, but most browsers do not...

 Let's Encrypt Free SSL Certificate: why maybe it's not what you need...

Let's Encrypt is a free Certificate Authority sponsored by the Internet Security Research Group....

 Generazione certificato SSL tramite link d'invito

Una volta acquistato un certificato SSL su DomainRegister. è possibile generarlo operando...

 Deprecation of three-years SSL certificates (january, 2018)

As for March 1, 2018 a new requirement of the CA/B Forum will be applied: the maximum...