398 days, 200 in 2026, then 100 in 2027, before reaching 47 days in 2029: the validity period of SSL/TLS certificates will be drastically reduced in the coming years.
Starting in 2029, SSL/TLS certificates will only be valid for 47 days, instead of the current 398 days. This technical development was decided by the CA/Browser Forum, supported in particular by Apple, which aims to strengthen web security… but which also raises many questions about the operational burden for businesses.
What is an SSL/TLS certificate?
Browsing a website securely has become almost a habit, and this is largely due to SSL/TLS certificates. These digital files are essential for ensuring that the connection between a user and a website is authentic and encrypted. In concrete terms, an SSL certificate (or TLS, its technical successor) fulfills two key functions:
- It authenticates the identity of the website, allowing the browser to verify that the site being visited is what it claims to be, and not a malicious imitation.
- It encrypts the data exchanged between the user and the server, to prevent any interception or modification en route.
It is this certificate that allows the URL of a site to be displayed with the famous https://, sometimes accompanied by the small padlock in the address bar.
Until now, the validity period of an SSL/TLS certificate was approximately 13 months (398 days, to be precise). But this period will gradually decrease, reaching 47 days by March 2029. This means that a certificate will have to be renewed nearly eight times more frequently than today—a change that will directly impact the technical management of websites.
The change has been made: towards certificates valid for only 47 days
The CA/Browser Forum, an organization representing major certification authorities (CAs) and web browser vendors, voted in spring 2025 to gradually reduce the lifespan of SSL/TLS certificates, with the aim of strengthening web security. This change, supported in particular by Apple, will be implemented in phases until March 2029, at which point certificates will be valid for only 47 days.
A calendar in three major stages:
- March 15, 2026: Maximum lifespan decreases from 398 days to 200 days,
- March 15, 2027: it is reduced to 100 days,
- March 15, 2029: the maximum duration reaches 47 days, i.e. a renewal every 6 to 7 weeks.
At the same time, the validity of domain control (called Domain Control Validation, or DCV) will also be shortened: it will fall to 10 days by 2029. In short, you will have to prove that you control a domain much more frequently before obtaining a certificate.
Another important technical clarification: in this context, a “day” does not correspond to a classic calendar day, but to exactly 86,400 seconds. This means that the slightest overrun (even by a fraction of a second) is counted as an additional day. To avoid any miscalculations, certificates should therefore not be issued at the exact validity limit.
What impact will it have on web professionals and how can we prepare for it?
This drastic reduction in certificate lifespans threatens to profoundly transform management practices on the technical side. For developers, system administrators, and DevOps teams, this means that manually managing certificates will no longer be feasible. The renewal rate will become too frequent, and even the slightest oversight could lead to visible consequences, such as error messages in browsers, interruptions to website access, or even a loss of traffic or revenue. Non-automated infrastructures will have to evolve, or risk seeing incidents related to expired certificates multiply.
To anticipate this evolution, professionals should implement automation solutions now. Tools, cloud services with integrated certificate management, and compatible ACME platforms can automate the certificate lifecycle. It is also recommended to audit existing certificates, train the relevant teams, and review monitoring and alerting procedures.
