Shortened Certificate Lifecycles
New industry standards are shrinking the maximum lifespans of SSL and Code Signing certificates. This article covers everything you need to know.
For DigiCert certificates
DigiCert certificate lifecycles were reduced on February 24, 2026:
- DigiCert SSL certificates reduced to 199 days maximum
- DigiCert Code Signing certificates reduced to 1 year maximum
For Sectigo certificates
Sectigo reduced certificate lifecycles as follows:
- February 23, 2026 - Sectigo Code Signing certificates reduced to 1 year maximum
- March 12, 2026 - Sectigo SSL certificates reduced to 200 days maximum
Industry-wide certificate lifecycle changes
Check the table below for the timeline of each reduction phase. Note: individual CAs may have implemented changes earlier than the industry deadline.
| SSL maximum term limit | Minimum # of re-issue/replacement per year | Industry deadline |
| 200 days | ~2 | March 15, 2026 |
| 100 days | ~4 | March 15, 2027 |
| 47 days | ~8 | March 15, 2029 |
Frequently Asked Questions
Why is this happening?
The longer a certificate remains valid, there is a greater chance that information contained in the certificate becomes inaccurate or invalid before the certificate expires. Shorter certificates need to be replaced more often, which means more frequent validation checks, and more accurate certificate data in the long term.
Replacing certificates more often also keeps you up to date with other changing industry standards and encryption updates.
Do I need to take any action?
There is no immediate action required.
Your existing certificates from before these changes will remain trusted until they reach their current expiration date.
If you have a multi-year order that requires renewal or re-issuance after a CA deadline, the newly issued certificate will follow the updated validity limits.
Going forward, you’ll simply re-issue SSL certificates more often. We’ll send you reminders in advance to keep you on track with your SSL re-issue and renewal schedule.
Will my current certificate be distrusted?
No. Any certificate that is active and valid today will stay trusted until the expiration date set when it was originally issued.
What about my multi‑year certificate plan?
Your multi-year SSL plan will be usable for the entire term you paid for.
During your next re-issue, the new certificate will either live for the maximum time allowed by the industry, or as much time as left on your plan if it's less than 199 days.
How will this change affect certificate purchase and enrollment?
Nothing has changed when it comes to buying and enrolling certificates.
You only need to re-issue SSL certificates more often than before.
Are there new shorter term SSL products for sale?
No, we’ll continue to offer a minimum 1-year plan for SSL and Code Signing certificates, and multi-year SSL plans for ongoing coverage.
There are not standalone 200‑day or 6‑month SSL certificate plans.
Can I purchase only 200 days of coverage instead of a full year?
No. The shortest certificate plan available is for 1 year.
How will shorter certificates impact validation?
The "validation re-use" period has been shortened along with certificate lifespans. That is the amount of time that the industry allows Certificate Authorities to maintain or rollover previously validated data.
- Domain validation: required every 199 days (previously 397 days)
- Organization validation: required every 397 days (previously 825 days)
Regardless of the re-use period, you may be required to undergo validation each time you re-issue or renew a certificate.
Can I automate certificate replacement?
CheapSSLSecurity does not offer certificate lifecycle automation solutions at this time.
