Certificate lifespans are shrinking fast, and the first major change is almost here. Beginning March 15, 2026, the maximum lifespan for public TLS certificates drops to 200 days.



How long was the validity of SSL/TLS certificates?

The validity period of SSL/TLS certificates was shortened from 10 years down to 5 years. A compromise was ultimately struck that led to certificate validity being reduced to a maximum of three years in 2015, and then later on March 1, 2018, it was capped at two years for all SSL/TLS leaf certs. On Sept 1, 2020, Apple and CA/B Forum enforced a maximum of 398 days (approx. 13 months). Beginning March 15, 2026, the validity will be further reduced to 200 days.

Why the shorter lifespan?

The shorter lifespan of SSL certificates seems to be a nightmare for site administrators with the more frequent renewals. However, it shortens the time to organically roll out updates or changes. A real-world example would be the SHA1-to-SHA2, which took 3 years. With a 3 or 5-year validity, the old certificates with an outdated algorithm will not be replaced unless the CA revokes them or forces the customer to re-issue. It can take years before all of the old certificates are replaced.

What does this mean for your website and customer?

Beginning March 15, 2026, Certificate Authorities will stop issuing 1-year SSL certificates. If you have a certificate issued prior to March 15, 2026, your validity period will not change and your SSL will stay valid. You can still buy the SSL certificates from the vendors for more than 1 year. However, you need to reissue the certificate with a new CSR and install the new certificates before the 200-day validity period is over.