SSL Certificate Lifecycles Are Shortening: What You Should Know

Industry Shift to 47-Day SSL/TLS Certificate Validity by 2029

Beginning in March 2026, SSL/TLS certificates will gradually move from the current 398-day validity period to a significantly shorter 47-day lifespan by 2029. On April 11, 2025, the CA/Browser Forum approved Ballot SC-081v3, a proposal from Apple that aims to reshape how organizations manage certificates and validation lifespans. The ballot reduces certificate lifetimes to:

• March 2026: Approximately 6-month validity
• March 2027: Approximately 3-month validity
• March 2029: 47-day validity

In parallel with certificate lifespan reductions, validation data reuse intervals will shorten:

• Organization identity data reuse:
  • Current: 825 days
  • Starting March 2026: 398 days
• Domain/IP validation data reuse:
  • Current: 398 days
  • Starting March 2026: 200 days
  • Starting March 2027: 100 days
  • Starting March 2029: 10 days

Why Are SSL Certificates Getting Shorter?

The push for 47-day certificates is driven by security and agility. Shorter certificate lifetimes limit the risk from compromised keys or mis-issued certs. If a certificate (or its private key) falls into the wrong hands, a shorter validity window means the rogue certificate won’t be useful for long. As a byproduct, this move pushes organizations to adopt automation. As Google notes, shorter lifetimes “encourage automation” and reduce reliance on error-prone manual processes, improving overall security and consistency.

Frequent renewals also ensure domain ownership remains accurate. As companies change or abandon domains, revalidating domain ownership information more often helps prevent misuse by unauthorized parties. Apple's phased plan gradually reduces both certificate validity and domain control validation reuse, tightening security at every stage.

Additionally, shorter certificate cycles speed up the adoption of stronger encryption standards and improve crypto-agility. Organizations are better prepared to respond to incidents like certificate authority compromises or outdated cryptographic libraries, creating a safer, more responsive internet ecosystem.

Will I Need to Buy SSL Certificates More Frequently?

No, you won’t have to buy a new SSL certificate every 47 days. It’s important to clarify that shorter certificate validity does not mean you’ll need to purchase SSL certificates more frequently. Whether you buy a one-year or multi-year SSL certificate, it remains valid for the full term. The reduced validity period means you’ll need to reissue and reinstall the certificate as often as monthly, but reissuing a certificate is free—there's no additional cost required.

There’s no additional financial cost for these reissues—but it does introduce more manual work, greater complexity, and the potential for human error. That’s where automation comes in.

How Automation Solves the SSL Certificate Management Challenge

As certificate lifespans shorten to just 47 days, manual management becomes increasingly difficult to scale.

Set it up once and you can “forget” about your certificates. The entire SSL lifecycle is handled automatically, including issuance, validation, installation, and renewals.

• Always-on security: Renewals and reinstallation happen quietly in the background—before certificates expire.
• Fewer risks, fewer surprises: Reduces the chance of missed renewals and downtime due to human error.
• Future-ready flexibility: Automatically adapts to shorter certificate lifespans, enabling scalability without added effort.

Automate with our ACME SSL Certificates from DigiCert & Sectigo

Security best practices and browser policies are firmly moving toward ultra-short certificate lifespans. To stay ahead of these changes, we offer automated SSL solutions that eliminate manual renewals. These include ACME-based automation through trusted Certificate Authorities like DigiCert and Sectigo, as well as certificates that support auto-installation across a wide range of popular web hosting platforms.