SSL Certificate Lifespans Just Got Cut in Half, And They’re Getting Shorter

Did you know your SSL/TLS certificate renewal window shrank in half last week? A new industrywide rule dropped the maximum lifespan from 398 days to 200.

It was approved by the CA/Browser Forum last year when members voted unanimously to reduce the SSL/TLS renewal timeframes after Apple pitched the motion just a few months before, arguing:

“Shorter lifetimes limit the impact of misissuance and key compromise . . . The industry is moving toward more frequent validation to ensure that certificate data remains accurate and trustworthy over time.”

By March 2027, the maximum lifespan will drop to 100 days, and by March 2029, to 47 days. That last phase in 2029 will also introduce a new limit on domain control validation (DCV) windows, down to only 10 days.

Here’s the SSL/TLS Lifespan Timeline

| Phase | Effective Date | Certificate Lifespan | Domain Validation (DCV) Reuse Window |
| --- | --- | --- | --- |
| Previously | Before 2026 update | 398 days | ~30 days |
| Phase 1 | 2026 (now in effect) | 200 days | ~30 days |
| Phase 2 | March 2027 | 100 days | ~30 days |
| Phase 3 | March 2028 | 47 days | ~30 days |
| Final Phase | March 2029 | 47 days | 10 days |

Notice that 2028 is missing. That’s probably on purpose, Tim Callan, the CCO at Sectigo, suggests.

“This approach gives subscribers the opportunity to prioritize deployment of automation solutions without immediately facing a crisis if all certificates are not automated,” Callan told HostingAdvice.

As for why the steep drops, it all comes down to the state of internet security. It’s hard to argue with the logic: Shorter lifespans would mean less damage if a certificate is stolen, issued incorrectly, or compromised.

About 10-15 years ago, TLS certificates could be valid for up to five years. Apple was the first to really push back on this by having its browser, Safari, reject certificates that were older than two years. Since nobody wanted to be blacklisted, everyone else had to follow suit.

What Shorter SSL Lifespans Mean for Hosts

If an SSL certificate is issued to the wrong party and remains valid for a year, that’s a long window. It happened in 2011 when Dutch certificate authority company DigiNotar was hacked and issued hundreds of fraudulent certificates. Domains, of course, aren’t immune either. They, too, get passed around like a hot potato.

Customers — site owners, SMBs, devs, agencies — will begin asking: Does my hosting provider handle renewals for me, or do I have to do that myself?

Providers like Cloudflare, SiteGround, and Kinsta automatically issue and renew certificates using ACME-based systems like Let’s Encrypt. Control panels like cPanel and Plesk have also been doing this for years. Providers can make sure they’re doing their part by offering:

  • Fully automated issuance and renewal (ACME, for example)
  • No customer involvement in renewals at all
  • Clear SSL status in the dashboard (if certificates are expiring every few weeks, it’s not a bad idea to show customers that it’s being handled)
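
A sketch of the status check such a dashboard could run, added here as an example and not taken from any provider or tool named in this article: it classifies certificates, given in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns, against the lifespan limits stated in the article text, applying each limit by issuance date. The exact cut-over days, the one-third renewal threshold, the status names and the sample inventory are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Limits from the article text: (first issuance date, max lifespan in days).
# The article gives at most month and year; the exact days here are assumed.
PHASES = [
    (datetime(2026, 3, 15, tzinfo=timezone.utc), 200),
    (datetime(2027, 3, 15, tzinfo=timezone.utc), 100),
    (datetime(2029, 3, 15, tzinfo=timezone.utc), 47),
]
LEGACY_MAX_DAYS = 398  # limit before the 2026 change

def max_days_on(when):
    """Maximum lifespan allowed for a certificate issued at `when`."""
    limit = LEGACY_MAX_DAYS
    for start, days in PHASES:
        if when >= start:
            limit = days
    return limit

def _parse(cert_time):  # e.g. 'Jun  1 00:00:00 2026 GMT'
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), timezone.utc)

def audit(cert, now, renew_when_left=1 / 3):
    """Classify one certificate dict shaped like getpeercert() output."""
    issued, expires = _parse(cert["notBefore"]), _parse(cert["notAfter"])
    lifespan = (expires - issued).total_seconds() / 86400
    left = (expires - now).total_seconds() / 86400
    if left <= 0:
        status = "expired"
    elif lifespan > max_days_on(issued):
        status = "over-limit"    # longer than allowed on its issuance date
    elif left <= lifespan * renew_when_left:
        status = "renew-now"     # assumed policy: renew in the last third
    elif lifespan > max_days_on(now):
        status = "shorten-next"  # still valid, but this term can't be reissued
    else:
        status = "ok"
    return {"status": status, "lifespan_days": round(lifespan, 1),
            "days_left": round(left, 1)}

# Constructed inventory, not real certificates.
SAMPLE = {
    "legacy.example": {"notBefore": "Jan 10 00:00:00 2026 GMT", "notAfter": "Feb 12 00:00:00 2027 GMT"},
    "shop.example": {"notBefore": "Apr  1 00:00:00 2026 GMT", "notAfter": "Oct 18 00:00:00 2026 GMT"},
    "bad.example": {"notBefore": "Apr  1 00:00:00 2026 GMT", "notAfter": "May  4 00:00:00 2027 GMT"},
}
```

The `shorten-next` status marks a certificate that was issued under the old limit and is still valid, but whose next renewal has to use a shorter term.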

It’s funny to think about — this regulation isn’t really about SSL certificates on their own. It’s more so about how the web’s evolved and what people expect now: more proof that automation is the new standard, and anything that still relies on manual upkeep is light-years behind.

Luckily, that’s where the good hosts will have the opportunity to shine the most.