SSL Certificate Validity Is Changing: What You Need to Know for 2026 and Beyond

The world of SSL/TLS certificates is about to undergo its most significant transformation in over a decade. Following a lengthy, and often heated debate among all domain name and security stakeholders, a decision has been approved via a member ballot at the CA/Browser Forum, to reduce the maximum validity period for publicly trusted SSL/TLS certificates in phases, ending with a maximum certificate length of just 47 days by 2029.

Here’s what’s changing, why it matters, and how Com Laude recommends preparing your domain portfolio to ensure you remain present and protected as the landscape shifts.

What are the proposed changes?

The new rules, driven by the leading browser vendors and certificate authorities, will take effect in three key phases:

• March 15, 2026: The maximum certificate validity drops from the current 398 days to 200 days.
• March 15, 2027: The maximum validity drops further to 100 days.
• March 15, 2029: Certificates can be valid for no more than 47 days.

Alongside certificate lifespan reductions, the periods for reusing domain (DV) and organization validation (OV) data will also shrink. For example, domain validation data reuse will drop to 200 days in 2026, 100 days in 2027, and just 10 days by 2029.

What is driving these changes?

The primary goal of the changes is to enhance online security and consumer trust. Shorter certificate lifespans mean that if a certificate or its private key is compromised, the opportunity for nefarious actions is dramatically reduced. It also encourages the need for automation in terms of certificate issuance and renewal, reducing the risk of outages and reputational issues from expired certificates.

What does this mean for domain owners and enterprises?

• More frequent renewals: By 2029, organizations will need to renew and reissue certificates up to eight times per year, compared to just once annually today.
• Automation is essential: The current process of manual certificate renewal will become unsustainable. Automated certificate lifecycle management tools will be critical to avoid service interruptions and maintain compliance.
• Multi-year certificates: Multi-year certificate plans will remain available. You’ll still be able to purchase multi-year coverage as you can do today, but you’ll need to reissue certificates more frequently within that coverage period.
• Operational impact: The increased frequency of renewals will require careful tracking, alerting, and process integration—especially for large or complex domain portfolios.

How should organisations prepare?

1. Start the planning now: Work with a certificate expert, such as Com Laude who can help you audit your current certificates and renewal processes. Identify any manual steps or legacy systems that are being used which may need to be improved to meet the new criteria.
2. Embrace automation: If you haven’t already done so, explore implementing certificate lifecycle management solutions that support automated issuance, renewal, and deployment.
3. Educate and inform stakeholders: Ensure IT, security, cyber risk, and web teams are aware of the upcoming changes and the need for new processes. Create and implement governance procedures to align with domain name policy.
4. Partner with experts: Work with trusted providers like Com Laude to streamline certificate management, reduce risk, and ensure your business is ready for the new era of SSL/TLS certification.

Summary

The move to shorter SSL/TLS certificate validity is a compelling event for digital security and trust. While it will bring some operational challenges, it also offers an opportunity to revisit and document your domain management practices. Com Laude has the expertise to help clients navigate these changes—ensuring your online presence remains present and protected in the years ahead.

For more information or to discuss how Com Laude can support your certificate management strategy, contact our team of experts today.