SSL certificate lifespans and validation windows slashed – Automation is now a necessity

The digital certificate landscape is undergoing one of its biggest changes in years.

The CA/Browser Forum—comprising major players like Apple, Google, Microsoft, and Mozilla—has voted to dramatically reduce how long public SSL/TLS certificates can remain valid. The maximum certificate lifespan will shrink from today’s 398 days to just 47 days by March 2029.

The new certificate validity timeline:

Certificate issued between           Maximum validity
Before March 15, 2026                398 days
March 15, 2026 – March 14, 2027      200 days
March 15, 2027 – March 14, 2029      100 days
On or after March 15, 2029           47 days


Domain validation reuse is changing too:

Just as critical: the Domain Control Validation (DCV) reuse period will also shrink drastically.

  • Currently: Up to 398 days
  • By 2029: Only 10 days

This means domain ownership must be revalidated more frequently—especially for SAN certificates.

What it means for you:

These changes enhance security but create a new operational burden:

  • More frequent renewals
  • Tighter domain validation windows
  • Higher risk of outages due to human error

If your organization relies on manual certificate tracking and renewals, the time to modernize is now.
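To put a number on "more frequent renewals", the following added example (not Dotkeeper's or Sectigo's code) encodes the validity table above, flags certificates that exceed the cap for their issuance date, and simulates back-to-back renewals across the phase changes. The renew-at-two-thirds policy, the function names and the sample date are assumptions made for illustration, and validity is counted in whole days as a simplification.

```python
from datetime import date, timedelta

# Phases from the table above: (first issuance date, maximum validity in days).
SCHEDULE = [
    (date(2026, 3, 15), 200),
    (date(2027, 3, 15), 100),
    (date(2029, 3, 15), 47),
]
LEGACY_MAX_DAYS = 398  # issued before March 15, 2026


def max_validity_days(issued: date) -> int:
    """Maximum validity allowed for a certificate issued on `issued`."""
    limit = LEGACY_MAX_DAYS
    for phase_start, days in SCHEDULE:
        if issued >= phase_start:
            limit = days
    return limit


def exceeds_limit(not_before: date, not_after: date) -> bool:
    """True if the validity period is longer than the cap for its issue date."""
    return (not_after - not_before).days > max_validity_days(not_before)


def renewal_dates(first_issue: date, horizon: date, renew_at: float = 2 / 3):
    """Issuance dates up to `horizon`. Assumed policy (not from the article):
    each certificate gets the full permitted validity and is replaced once
    `renew_at` of that validity has elapsed."""
    issued, dates = first_issue, []
    while issued < horizon:
        dates.append(issued)
        lifetime = max_validity_days(issued)
        issued += timedelta(days=max(1, int(lifetime * renew_at)))
    return dates


def issuances_per_year(first_issue: date, horizon: date) -> dict:
    """Count simulated issuances per calendar year."""
    counts = {}
    for d in renewal_dates(first_issue, horizon):
        counts[d.year] = counts.get(d.year, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed input: one hostname whose certificate was issued 2026-01-10.
    print(issuances_per_year(date(2026, 1, 10), date(2030, 1, 1)))
```

Multiply the per-year counts by the number of hostnames in your inventory to estimate the issuance workload a manual process would have to absorb.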

Dotkeeper Recommends: Sectigo Certificate Manager:

At Dotkeeper, we partner with Sectigo to help businesses stay ahead with Sectigo Certificate Manager (SCM) — an enterprise-grade solution for fully automated public (and private) certificate lifecycle management.

With SCM, you can:

  • Automatically renew and validate certificates
  • Eliminate human error and downtime
  • Centralize certificate monitoring and compliance
  • Be ready for every change coming in 2026, 2027, and 2029

Need help preparing for this change? Contact us!