To further strengthen global internet security, the validity period for SSL/TLS certificates is being significantly reduced.
This policy change was ratified on April 11, 2025, by the “CA/Browser Forum” , the industry body comprising Certificate Authorities and browser vendors.
* Information current as of January 2026
Table of Contents
SSL/TLS certificates serve as critical infrastructure, encrypting communication between websites and browsers to ensure security.
However, the information within a certificate is verified only at the moment of issuance. As time passes, the risk increases that this data may no longer reflect the current reality.
Additionally, given the reliability and operational challenges associated with traditional revocation mechanisms (such as CRL and OCSP), the industry has determined that shorter renewal cycles provide a significant security advantage.
| Key Benefit | |
| Enhanced Trust & Agility | By updating credentials frequently, you ensure that trust is validated in near real-time. It moves security from a “checked once” model to a state of constant, up-to-the-minute assurance. |
| Minimized Risk Window | Shorter validity periods drastically limit the damage if a certificate is compromised or mis-issued. The “window of opportunity” for bad actors shrinks, making stolen credentials useless much faster. |
| A Catalyst for Automation | High-frequency renewals make manual spreadsheet management impossible. This naturally forces the adoption of automated lifecycle management tools, streamlining operations and removing the risk of human oversight. |
The industry is moving toward shorter lifecycles through a phased reduction in SSL/TLS certificate validity.
The critical milestone is set for March 15, 2029; from this date forward, the maximum lifespan for certificates will be officially capped at 47 days.
In alignment with this shift, the reuse window for domain validation data will also be compressed. Future standards aim to narrow this period to approximately 10 days, further emphasizing the need for automated validation workflows.
| mplementation Date | Maximum Validity Period |
| Until March 14, 2026 (Sat) | 398Days |
| From March 15, 2026 (Sun) | 200Days |
| From March 15, 2027 (Mon) | 100Days |
| From March 15, 2029 (Thu) | 47Days |
The decision to cap validity at 「47 days」 is rooted in a deliberate design philosophy. It aims to strike a perfect balance between rigorous security and operational reality, ensuring there is a sufficient buffer to manage the certificate lifecycle effectively without compromisi)ng trust.
The 「47-Day」 Formula:
31 Days(Full duration of the longest calendar month) + 15 Days(Operational window / half of a standard month)+ 1 Day(Safety buffer)= (47 Days」 Total
The reduction in SSL/TLS certificate validity marks a major turning point. For website administrators and corporate IT leaders in particular, this shift is more than just a policy update—it represents a fundamental change in how digital trust must be managed.
| Impact Area | |
| Surge in Renewal Frequency | With the 47-day limit, you will face 8+ renewals per year for every certificate. This volume renders manual tracking obsolete, making automated lifecycle management a necessity, not a luxury. |
| Continuous Domain Verification | The window for reusing 「Domain Control Validation」(DCV) data is shrinking. In the future, you must expect to validate ownership for almost every new issuance, effectively moving to a model of continuous verification. |
Adapting to shorter certificate lifecycles requires more than just speeding up your current processes; it demands a complete re-engineering of your operational design.
With the 「47-day」 limit on the horizon, relying on manual updates is no longer just difficult—it is operationally unsustainable. Therefore, implementing automation must be your top priority.
Fortunately, the ecosystem is ready. Most Certificate Authorities (CAs) now provide ACME support and comprehensive lifecycle management tools. You should evaluate and select the solution that best scales with your organization’s size.
| Key Strategies | |
| Conduct a Comprehensive Inventory | Gain complete visibility of all SSL/TLS certificates currently in use. Organize their configuration status and expiration dates to ensure nothing is overlooked. |
| Implement Automated Renewals | Utilize protocols such as ACME to build a system for automatic issuance and renewal. This eliminates the risks associated with manual updates. |
| Establish Monitoring & Alerts | Implement a mechanism to continuously monitor certificate validity periods and trigger automated alerts well before the expiration date. |
| Outsource to IT Professionals | Delegate certificate management to external IT providers or server management companies. This prevents internal knowledge silos (dependency on specific individuals) and operational omissions. |
The decision to shorten SSL/TLS certificate validity periods is driven by two key goals: strengthening security and accelerating operational automation.
With the timeline set to begin phasing down in 2026 and targeting a strict 「47-day」 cycle by 2029, relying on traditional manual renewal processes will soon become unsustainable due to the overwhelming workload.
While this represents a major industry shift, it is also a strategic opportunity. We strongly recommend establishing an automated issuance and renewal infrastructure today to stay ahead of the curve and ensure seamless operations.
● Ballot SC081v3: Introduce Schedule of Reducing Validity and Data Reuse Periods
https://cabforum.org/2025/04/11/ballot-sc081v3-introduce-schedule-of-reducing-validity-and-data-reuse-periods
For website creation, server construction/operation
▼ Company WeChat Official Account▼
▼ Contact person in charge WeChat ID ▼
Follow us on WeChat
WeChat Official Account
Person in ChargeWeChat
【2026】Public Holiday Calendar for China, Japan, and Singapore