SSL certificate maximum validity is being reduced to 200 days from March 2026. Read more →

SSL Certificates

Cheap SSL DV SSL Wildcard SSL Multi-Domain (SAN) OV & EV SSL

Specialty Certificates

Code Signing Document Signing Email / S/MIME VMC / BIMI
In effect now Certificate Lifetime

Automation

Overview Auto DNS FairSSL vs Let's Encrypt

Platforms

Windows Setup Linux & Kubernetes Appliances ACME Clients

Tools

SSL Scanner Certificate Decoder CAA Generator

Guides

Windows Server Linux & Open Source All guides

Company

About Us Contact Installation Service
News

Language

Dansk Svenska English

Currency

Login Create Account
New industry requirements from CA/Browser Forum

Shorter SSL Lifetime: 200, 100, and 47 Days

Starting in 2026, the maximum technical lifetime for SSL certificates will be significantly reduced. This means more frequent issuances, but your procurement process remains the same.

Important: You can still purchase SSL for 1 year at a time. Your order covers all technical reissuances required during the period.

1. Industry Reduction Timeline

The CA/Browser Forum has adopted a phased reduction of the maximum lifetime for SSL/TLS certificates (ballot SC-081).

Date Max Lifetime DCV Validity Renewals per Year
Sep 2020 (current) 398 days 398 days ~1x
March 15, 2026 200 days 200 days ~2x
March 15, 2027 100 days 100 days ~4x
March 15, 2029 47 days 10 days ~8x

DCV = Domain Control Validation. With a 47-day lifetime, domain ownership must be revalidated more frequently to maintain security.

Sep 2020
398 days
March 2026
200 days
March 2027
100 days
March 2029
47 days

How to Work with Certificates Going Forward

The order period and price remain the same. What changes is that each individual certificate is issued with a shorter lifetime, so you will need to install new certificates more often. The process depends on which CA you use.

DigiCert
DigiCert
Thawte · GeoTrust · RapidSSL

Reissue

You purchase one order period and can reissue certificates an unlimited number of times within it. All reissues are free.

  1. 1 Purchase the order period (e.g. 1 year)
  2. 2 Issue and install the first certificate
  3. 3 When the certificate approaches expiry: reissue it
  4. 4 Install the new certificate on the server
  5. 5 Repeat steps 3 and 4 until the order period expires
System action

Our system automatically shows a highlighted "Reissue" icon when it is time to act.

Sectigo
Sectigo
PositiveSSL

Reissue

You purchase one order period and can reissue certificates an unlimited number of times within it. All reissues are free.

  1. 1 Purchase the order period (e.g. 1 year)
  2. 2 Issue and install the first certificate
  3. 3 When the certificate approaches expiry: reissue it
  4. 4 Install the new certificate on the server
  5. 5 Repeat steps 3 and 4 until the order period expires
System action

Our system automatically shows a highlighted "Reissue" icon when it is time to act.

GlobalSign
GlobalSign
AlphaSSL

Renewal (renew)

GlobalSign uses a renewal model rather than reissue. Renewals within the paid order period are free.

  1. 1 Purchase the order period (e.g. 1 year)
  2. 2 Issue and install the first certificate
  3. 3 The system shows a "Renew" icon when fewer than 32 days remain on the certificate
  4. 4 Click renew and install the new certificate
  5. 5 Repeat steps 3 and 4 until the order period expires
System action

Our system automatically shows a highlighted "Renew" icon when fewer than 32 days remain on the certificate.

What Does This Mean for You?

Existing Certificates
Certificates issued before the new limits retain their full validity. If you have a 1-year certificate from January 2026, it remains valid until January 2027. The new rules only apply to new issuances after the effective dates.
More Frequent Updates
Since certificates expire faster, they must be installed more often on the server. Your 1-year order covers all these issuances at no extra cost, but the technical handling must occur more frequently.

Order Period vs. Technical Issuances

Even though each certificate is only valid for e.g. 199 or 99 days, you can still purchase certificates with a 1-year order period. You simply reissue new certificates on an ongoing basis within your existing order.

Left side

1-year order period (Financial)

Right side

Technical issuances

Year 1 - 2026 (199 d.)

1-year order paid

Certificates issued with up to 199-day lifetime.

Issuance 1

Certificate (199 d.)

Issuance 2

Certificate (199 d.)

Year 2 - 2027 (100 d.)

1-year order paid

New rules: 100-day lifetime from March 2027.

Iss. 3

100 d. cert.

Iss. 4

100 d. cert.

Iss. 5

100 d. cert.

Iss. 6

100 d. cert.

Year 3 - 2028 (100 d.)

1-year order paid

100-day lifetime continued.

Iss. 7

100 d. cert.

Iss. 8

100 d. cert.

Iss. 9

100 d. cert.

Iss. 10

100 d. cert.

Year 4 - 2029 (47 d.)

1-year order paid

New rules: 47-day lifetime.

Iss. 11

47 days

Iss. 12

47 days

Iss. 13

47 days

Iss. 14

47 days

Iss. 15

47 days

Iss. 16

47 days

Iss. 17

47 days

Iss. 18

47 days

Iss. 19

47 days

Iss. 20

47 days

Iss. 21

47 days

Iss. 22

47 days

By reissuing 15-30 days before expiry, you ensure your servers always have a valid certificate without losing paid time from your order period.

Examples: order period vs. certificate lifecycle

See how your order period covers the technical certificate issuances over time. Each coloured bar is one certificate. Hover over the bars for details.

Order: 2 years
↓ 99-day cap
199d
199d
99d
99d
99d
36d
Jun 2026
Issue and install
Jun 2028
Renew order
+ issue new cert.
Reissue and install ×5
Expires every 199/99 days

Frequently Asked Questions About the New Lifetimes

Find svar på de mest almindelige spørgsmål om SSL certifikater og FairSSL.

Yes. Certificates issued before a deadline retain their full lifetime. A certificate issued with 398 days of validity in February 2026 remains valid for the entire period. The new rules only apply to newly issued certificates after the effective date.
The CA/Browser Forum passed this by vote (ballot SC-081) to improve security. Shorter lifetimes mean more frequent validation of domain ownership, faster phasing out of compromised keys, and better alignment with cryptographic best practices.
Yes: from March 2026 maximum every 200 days, from March 2027 every 100 days, and from March 2029 every 47 days. We strongly recommend automating renewal so you don't have to do it manually.
The order period is the time you pay for (e.g., 1 year). The certificate lifetime is how long a single certificate is valid (e.g., 200 days). You can buy a 1-year order and issue multiple certificates within that period, each certificate having the maximum lifetime applicable at the time of issuance.
DigiCert and Sectigo: You purchase an order period (e.g., 1 year) and can reissue certificates within the period. GlobalSign: You purchase an order and renew afterwards. A reissue gives the same end date as the original certificate.

Need Advice?

We help you navigate the new industry requirements and secure your infrastructure.

Opret gratis konto Sammenlign certifikater