Want to stay ahead of the upcoming changes to SSL/TLS certificate lifespans?
In our latest webinar, industry expert Tim Callan, Chief Compliance Officer at Sectigo and Vice Chair of the CA/Browser Forum, breaks down what’s changing and how organizations should prepare.



Key takeaways from the session:

SSL/TLS certificate lifetimes are shrinking fast


Public TLS certificates are moving from annual renewals to monthly ones within just a few years.
• Current maximum validity: 398 days
• March 2026: 200 days
• March 2027: 100 days
• March 2029: 47 days

This means organizations will soon need to manage certificate renewals on a half-yearly, then quarterly, then monthly cadence.

Domain validation (DCV) will become far more frequent
DCV reuse periods are being reduced alongside certificate lifespans.

• DCV reuse drops from 398 days to ~10 days by 2029
• Large spikes in DCV activity should be expected at transition dates
• DNS teams and certificate administrators must collaborate closely
• Manual DCV will not scale — automation is essential

Security is the main driver behind the change
Shorter certificate lifetimes significantly reduce risk.

• Less exposure if keys are compromised or certificates are mis-issued
• Faster recovery from domain ownership changes or subdomain takeovers
• Better crypto agility as the industry prepares for post-quantum cryptography
• Faster adoption of new, stronger cryptographic standards

Automation is no longer optional
With certificates expiring every few weeks, manual handling becomes impossible.

• Certificate Lifecycle Management (CLM) tools are required
• Automation standards like ACME are strongly recommended
• High-volume and critical systems must be automated first
• Legacy systems may need temporary manual handling — but only after automating the majority

Organizations should start preparing now
Organizations should inventory all certificates, identify business-critical systems, and prioritize automation where certificate failures would have the highest impact.

Recommended next steps:
• Inventory all certificates (build a cryptographic bill of materials)
• Identify critical systems and easy automation wins
• Evaluate automation options (ACME, APIs, agents)
• Push vendors to support automated certificate management
• Build a phased roadmap — don’t aim for 100% automation on day one
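
To size the renewal workload behind that roadmap, the following added example (not from the webinar or from Dotkeeper) projects when each certificate in an inventory will have to be reissued under the schedule above. The hostnames and expiry dates are constructed, the renewal margin is a hypothetical parameter, and the day of the month for each cutoff is an assumption, since the page gives only month and year.

```python
from collections import Counter
from datetime import date, timedelta

# (effective date, max validity in days), newest first. The page gives month
# and year only; the 15th is an assumption made for this example.
SCHEDULE = [
    (date(2029, 3, 15), 47),
    (date(2027, 3, 15), 100),
    (date(2026, 3, 15), 200),
    (date.min, 398),
]

def max_validity(issued: date) -> int:
    """Maximum validity in days for a certificate issued on `issued`."""
    return next(days for effective, days in SCHEDULE if issued >= effective)

def plan_renewals(not_after: date, horizon: date, margin_days: int = 7):
    """Project (issue_date, validity_days) pairs from the current expiry to
    `horizon`, renewing `margin_days` before each expiry at the maximum
    validity allowed on the issue date."""
    if not 0 <= margin_days < 47:
        raise ValueError("margin must be shorter than the shortest lifetime")
    plan, issue = [], not_after - timedelta(days=margin_days)
    while issue < horizon:
        days = max_validity(issue)
        plan.append((issue, days))
        issue += timedelta(days=days - margin_days)
    return plan

def renewals_per_year(plan):
    """Count planned issuances per calendar year."""
    return dict(Counter(issue.year for issue, _ in plan))

# Constructed inventory: hostname -> current certificate expiry (notAfter).
INVENTORY = {
    "www.example.test": date(2026, 3, 1),
    "api.example.test": date(2026, 9, 20),
}

if __name__ == "__main__":
    for host, not_after in INVENTORY.items():
        plan = plan_renewals(not_after, horizon=date(2030, 1, 1))
        print(host, renewals_per_year(plan))
```

A certificate reissued just before a cutoff keeps the longer lifetime for one more cycle, so the per-year counts rise in steps rather than all at once.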

Dotkeeper can help you quickly extract an overview of existing certificates and their details. Contact us to learn more!