Webinar: Are you ready for 47-day certificates?

Want to be prepared for the upcoming shift in SSL/TLS certificate lifespans? In our latest webinar, expert Nick France from our partner Sectigo shares valuable insights and guides us through practical steps on how to prepare for the changes.

Key takeaways from the session:

SSL/TLS certificate lifetimes are being drastically reduced down to 47 days by 2029.
Current maximum validity: 398 days
• March 2026: 200 days
• March 2027: 100 days
• March 2029: 47 days
This means organizations will eventually need to renew monthly.

Frequent domain validation (DCV) will become essential and automated.
• DCV reuse will drop from 398 days to only 10 days by 2029.
• This means DNS teams and certificate admins must work closely together.
• Manual DCV will become impossible; automation is mandatory.

The shift is driven by security risks, including stolen/mis-issued certificates and emerging quantum threats.
• Shorter validity reduces the window of damage if a certificate is compromised.
• Quantum computing may eventually break existing cryptographic algorithms, so the industry needs faster rotation to support stronger, post-quantum standards.

Automation will be the only viable way to handle certificate lifecycle management.
• Organizations must adopt Certificate Lifecycle Management (CLM) tools.
• Automation standards like ACME are strongly recommended (and widely supported).
• Legacy systems may require special handling, alternative certificates, or manual processes, but only after automating the bulk of environments.

Organizations must start preparing now — inventory, vendors, and toolset.
Recommended steps:
• Inventory all certificates
• Evaluate automation options (ACME, APIs, agents).
• Pressure vendors to support automation.
• Prioritize critical systems first; don’t aim for 100% automation immediately.
• Work with providers (like DotKeeper + Sectigo) to build a readiness roadmap.

Watch the recording and contact us for a consultation!